Exchange server domain across migration with certificate

姚黎忠 100 Reputation points
2025-07-01T01:24:56.95+00:00

"I have an existing Exchange Server 2016 with the MRS (Mailbox Replication Service) enabled. On IIS, both the Frontend and Backend are bound to a public wildcard certificate (*). Now, I'm performing a cross-forest migration. All other configurations are ready.

I’ve deployed a new Exchange Server 2019 environment and imported its self-signed 'Exchange Server' certificate into Exchange 2016’s Trusted Root Certification Authorities. Additionally, I’ve imported Exchange 2016’s public wildcard certificate into Exchange 2019’s Trusted Root Certification Authorities.

However, when attempting to migrate data to Exchange 2019, I receive an error that the certificate is invalid. My question is: Does Exchange 2016 require the public wildcard certificate, or does it strictly need the Exchange Server self-signed certificate for this migration?"


Exchange | Exchange Server | Other

1 answer

  1. Hin-V 1,140 Reputation points Microsoft External Staff Moderator
    2025-07-01T09:53:31.69+00:00

    Hi @姚黎忠 

    Thank you for posting your question in the Microsoft Q&A forum.    

    According to your description, we understand that you have considered the public wildcard certificate and Exchange Server self-signed certificate requirements when migrating from Exchange Server 2016 to 2019. We are glad to assist you with this part.

    Based on my research, the public wildcard certificate or a CA-issued certificate is recommended for broader trust and compatibility during migration processes. 

    For the migration process in Microsoft Exchange Server 2016, it is not strictly necessary to use a public wildcard certificate. You can use a self-signed certificate generated by the Microsoft Exchange Server itself for certain internal communications. However, self-signed certificates are typically not trusted by external clients, servers, or services, which may lead to connectivity issues during the migration process. That is why, by creating a new self-signed certificate in Exchange 2019, you could ensure that the certificate is tailored to the Exchange 2019 configuration and avoid the issue while migrating from Exchange Server 2016.

    If you need further assistance, please let us know.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".     

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. 
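
A check that helps narrow down a "certificate is invalid" error like the one in the question, as an added example that is not part of the original thread or of Microsoft's guidance: run on the server that reports the error, it shows which certificate the other side presents on port 443 and whether this machine rejects it for a name mismatch or for chain trust. The host name `mail.example.com` is a placeholder and must be replaced with the exact FQDN the migration is configured to use.

```powershell
# Added example. $RemoteHost is a placeholder, not a value from the thread:
# use the exact FQDN that the migration endpoint / move request points at.
$RemoteHost = 'mail.example.com'
$Port       = 443

$result = @{}
# The callback records what .NET's validator decided, then accepts the
# handshake so the certificate can be inspected. Diagnostic use only.
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $certificate, $chain, $sslPolicyErrors)
    $result.PolicyErrors = $sslPolicyErrors
    $result.ChainStatus  = @($chain.ChainStatus | ForEach-Object {
        '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim() })
    $result.Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
    return $true
}

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($RemoteHost, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($RemoteHost)   # name matching is done against this name
    $ssl.Dispose()
} finally {
    $tcp.Close()
}

$cert = $result.Cert
$san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # Subject Alternative Name

# How to read PolicyErrors:
#   None                         -> name and chain are both accepted on this machine
#   RemoteCertificateNameMismatch -> $RemoteHost is not covered by Subject/SAN
#                                    (a wildcard such as *.example.com covers one label only)
#   RemoteCertificateChainErrors  -> the chain does not build to a root trusted here;
#                                    ChainStatus names the reason (UntrustedRoot, NotTimeValid, ...)
[pscustomobject]@{
    RequestedName   = $RemoteHost
    Subject         = $cert.Subject
    Issuer          = $cert.Issuer
    SelfSigned      = ($cert.Subject -eq $cert.Issuer)
    SubjectAltNames = if ($san) { $san.Format($false) } else { '(none)' }
    NotAfter        = $cert.NotAfter
    Thumbprint      = $cert.Thumbprint
    PolicyErrors    = $result.PolicyErrors
    ChainStatus     = $result.ChainStatus -join '; '
} | Format-List
```

Running it in both directions (from the 2019 server against the 2016 name, and the reverse) shows which side's certificate is being rejected and why.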

