
SSL certificate question

Emy Loanzon
Contributor

Can 2 Exchange 2013 CU 13 servers (not load balanced) share the same third-party SSL certificate? Looking for a recent tech article that shows this can be done.

 

One of the Exchange 2013 servers, Server 1, is a hybrid server for O365, one is not. Both are virtual servers. Server 1 is also an internal SMTP relay server. Server 1 will have system maintenance. Server 2 will take over the internal SMTP relay server role while Server 1 is offline.

 

Thanks in advance.

2 Replies
Solution

Hi Emy,

 

Yes, as a best practice you should have the same certificate across all Exchange Servers that offer services.

 

When configuring a hybrid deployment, you must use and configure certificates that you have purchased from a trusted third-party CA. The certificate used for hybrid secure mail transport must be installed on all on-premises Mailbox (Exchange 2016 and newer), and Mailbox and Client Access (Exchange 2013 and older) servers.

 

You can read more here - https://technet.microsoft.com/en-us/library/hh563848%28v=exchg.150%29.aspx?f=255&MSPPError=-21472173...
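One way to copy the certificate from one server to the other with the Exchange Management Shell, as an added example that is not part of the reply above. The host names `Server1` and `Server2`, the PFX path, and the choice of SMTP and IIS as the services to bind are assumptions for illustration.

```powershell
# Run in the Exchange Management Shell with rights on both servers.
# Server1/Server2, the path and the service list are assumed placeholders.
$source = 'Server1'
$target = 'Server2'
$pfx    = 'C:\Temp\exchange-cert.pfx'   # local, access-restricted folder
$pw     = Read-Host 'Password to protect the PFX' -AsSecureString

# List the CA-issued certificates on the source server and pick one.
Get-ExchangeCertificate -Server $source |
    Where-Object { -not $_.IsSelfSigned } |
    Format-List Thumbprint, Subject, CertificateDomains, NotAfter, Services
$thumb = Read-Host 'Thumbprint of the certificate to copy'

# Export certificate plus private key as a password-protected PFX.
# This fails if the private key was not marked exportable when installed.
$export = Export-ExchangeCertificate -Server $source -Thumbprint $thumb `
    -BinaryEncoded -Password $pw
[System.IO.File]::WriteAllBytes($pfx, $export.FileData)

# Import the same certificate on the second server.
Import-ExchangeCertificate -Server $target `
    -FileData ([System.IO.File]::ReadAllBytes($pfx)) -Password $pw

# Bind it to the services the second server will offer. Enabling SMTP
# prompts before replacing the default SMTP certificate.
Enable-ExchangeCertificate -Server $target -Thumbprint $thumb -Services SMTP,IIS

# Verify: same thumbprint, private key present, expected names and services.
$copy = Get-ExchangeCertificate -Server $target -Thumbprint $thumb
if (-not $copy.HasPrivateKey) {
    Write-Warning "Certificate on $target has no private key; TLS will not work."
}
$copy | Format-List Thumbprint, HasPrivateKey, CertificateDomains, NotAfter, Services

# The PFX contains the private key: delete it once the import is verified.
Remove-Item -Path $pfx -Force
```

The certificate's subject alternative names must cover every host name clients and relaying devices use to reach either server, otherwise name validation fails on the server that is not listed.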

@Nuno Silva - Thank you! Just the information I need.