Daily Archives: 20/07/2015

Exchange Hybrid deployment certificate requirements

Published by:

Dan Patrascu-Baba

Partner Technical Consultant at Microsoft
Azure PaaS and dev consultant, working for Microsoft. Mostly dealing with Microsoft Azure services, ASP.Net Core, AngularJS, Javascript. Helping partners and customers to write good code and to architect their cloud and hybrid solutions.

Exchange Online gains more and more momentum and Exchange hybrid deployments are already a pretty common scenario for a lot of IT organizations. Even if almost every aspect around an Exchange Hybrid deployment is well known by IT pros, there is still a point that seems to cause some difficulties: certificates. And since an Exchange hybrid deployment is not possible without a proper certificate configuration, I thought to clarify the most important aspects about certificates in such a scenario by answering 5 questions I often hear when working with IT administrators.

One of the top question I deal with almost every day is: “I have a self signed certificate configured for my Exchange Server deployment, issued by my Windows Server 2012 R2 Certification authority. Can I use this certificate for an Exchange Hybrid deployment?” The answer is NO! In order to create an Exchange Hybrid deployment, organizations need a certificates issued by a trusted and public certification authority. And the reason why is very simple. Certificates are meant to prove your organization’s identity so that users and other service providers (like Microsoft) can be sure that they engage with the organizations they wanted to engage and not with an attacker. Continue reading