*.tls.com wildcard certificate: does it need to be installed on Exchange Server, or is it enough to install it on the Apache server which we are using for webmail.tls.com?

Sathishkumar Singh 486 Reputation points
2021-04-07T12:02:35.143+00:00

Hello Support,

In Exchange Server 2016 (CU19), in the certificate section, what is the best practice for which services to enable?

Note: we have created a reverse proxy and installed the *wildcard.com certificate.

I would like to know about this because we have already installed the *tls.com wildcard certificate separately on the reverse proxy server in Linux (Apache), and it has been working fine since. (Previously we were using NetScaler; it has now been replaced with Linux.)

But if we look at the Exchange Server part:
Here are the certificates that appear on my Exchange server.

When I configured the wildcard certificate, I got a revoke error,

i.e.:

[Screenshot: 85324-01.png]

The wildcard certificate is pointed to IIS. My question: when I have already installed the wildcard certificate on the reverse proxy, does it still need to be installed on Exchange Server?

Are the certificates below correctly pointed to services?

[Screenshots: 85332-2.png, 85333-3.png, 85351-4.png, 85295-5.png, 85296-6.png, 85304-7.png]

Please advise what is to be done. Does the wildcard certificate need to be installed on the Exchange server?


1 answer

  1. Joyce Shen - MSFT 16,691 Reputation points
    2021-04-08T02:40:32.227+00:00

    Hi @Sathishkumar Singh

    We could refer to the official document to know the services in the certificate and their usages: Assign certificates to Exchange Server services

    Have you checked the official article about "Certificate status could not be determined because revocation check failed" when importing a third-party certificate?

    This issue occurs because Exchange Server 2010 uses Microsoft Windows HTTP Services (WinHTTP) to manage all HTTP and HTTPS traffic, and WinHTTP does not use the proxy settings that are configured for the Internet browser.

    And here is the introduction about reverse proxies and certificates:

    Many Exchange deployments use reverse proxies to publish Exchange services on the Internet. Reverse proxies can be configured to terminate SSL encryption, examine the traffic in the clear on the server, and then open a new SSL encryption channel from the reverse proxy servers to the Exchange servers behind them. This is known as SSL bridging. Another way to configure the reverse proxy servers is to let the SSL connections pass straight through to the Exchange servers behind the reverse proxy servers. With either deployment model, the clients on the Internet connect to the reverse proxy server using a host name for Exchange access, such as mail.contoso.com. Then the reverse proxy server connects to Exchange using a different host name, such as the machine name of the Exchange Client Access server. You don't have to include the machine name of the Exchange Client Access server on your certificate because most common reverse proxy servers are able to match the original host name that's used by the client to the internal host name of the Exchange Client Access server.


    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
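
The SSL bridging model quoted in the answer, sketched as an Apache virtual host. This is an added example, not part of the original thread or of Microsoft's documentation. The internal host name `exch01.corp.example` and all file paths are assumed placeholders, and `ProxyPreserveHost` is left at its default (off).

```apache
# Added example: SSL bridging on the Apache reverse proxy.
# Requires mod_ssl, mod_proxy and mod_proxy_http.
# Assumed placeholders: exch01.corp.example and every file path below.
<VirtualHost *:443>
    ServerName webmail.tls.com

    # Leg 1: Internet client -> reverse proxy.
    # The *.tls.com wildcard certificate is presented to clients here,
    # so it only has to cover the public name (webmail.tls.com).
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/wildcard.tls.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/wildcard.tls.com.key

    # Leg 2: reverse proxy -> Exchange, over a new TLS session.
    # On this leg Exchange's IIS service presents whatever certificate
    # is assigned to IIS on the Exchange server; the proxy is the TLS client.
    SSLProxyEngine on

    # Verify the Exchange certificate instead of accepting any certificate:
    # it must chain to a CA listed in this file ...
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/pki/tls/certs/backend-ca.pem
    # ... and, with ProxyPreserveHost off, its subject/SAN must match
    # the host name used in the ProxyPass URL below.
    SSLProxyCheckPeerName on

    # The proxy connects to Exchange under the internal machine name,
    # which is why that name does not have to appear on the public
    # wildcard certificate.
    ProxyPass        / https://exch01.corp.example/
    ProxyPassReverse / https://exch01.corp.example/
</VirtualHost>
```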
     

