Thanks Michael. IAnd indeed runiing *Get-ExchangeCertificate |FL shows* a self-signed cert expiring a year from the original install date.
So more reading & for those interested (and if not going with commercial CA), renewal procs here http://msexchangegeek.com/2009/04/24/how-to-renew-a-self-signed-certificate-in-exchange-server-2007/ On Thu, Aug 25, 2011 at 8:14 AM, Michael B. Smith <mich...@smithcons.com>wrote: > All communication between Exchange servers is encrypted. Exchange will > also attempt to encrypt communications with other non-Exchange SMTP servers. > If you install a third-party cert on your HT, the encryption with > non-Exchange servers (and between HTs in the same Exchange organization) > uses a standard TLS mechanism. Otherwise, Exchange will attempt to use > non-standard extension to the TLS mechanism based on a self-signed cert > (MSFT has submitted the extension to the standard to the IETF, but I don’t > know where that stands).**** > > ** ** > > So…. “needed” is a strong word. Recommended.**** > > ** ** > > Regards,**** > > ** ** > > Michael B. Smith**** > > Consultant and Exchange MVP**** > > http://TheEssentialExchange.com**** > > ** ** > > *From:* David Liu [mailto:ganymed...@gmail.com] > *Sent:* Thursday, August 25, 2011 12:53 AM > > *To:* MS-Exchange Admin Issues > *Subject:* Re: Exchange 2007 Hub Transport Certificate**** > > ** ** > > Sorry if I'm jumping in this late but I'm reviewing all the threads gearing > up for our own transition to 2010 and asking questions as they come up in my > head: **** > > ** ** > > I didn't know a cert was needed for HT's? Not unless the HT is also acting > as a CAS _and_ exposed to the outside ? **** > > ** ** > > ** ** > > ** ** > > On Tue, May 31, 2011 at 8:57 AM, Michael B. Smith <mich...@smithcons.com> > wrote:**** > > Ok, the next question would be: why are you using a self-signed certificate > for this instead of a third-party signed certificate?**** > > **** > > Anyway, you can use group policy to distribute the certificate if you > really need/want to. Given that a single-name certificate is about USD $20 > from certificatesforexchange.com – I wouldn’t consider it worth it.**** > > **** > > Regards,**** > > **** > > Michael B. Smith**** > > Consultant and Exchange MVP**** > > http://TheEssentialExchange.com**** > > **** > > *From:* McCready, Rob [mailto:rob.mccrea...@dplinc.com] > *Sent:* Tuesday, May 31, 2011 8:51 AM**** > > > *To:* MS-Exchange Admin Issues > *Subject:* RE: Exchange 2007 Hub Transport Certificate**** > > **** > > Well, we have some users that occasionally have a pop up that says….your > certificate is out of date….click to install…. I’d like to eliminate that. > > Another issue is, I’m trying to test IMAP (with SSL) using Outlook 2007. > The local PC needs a valid copy of the latest certificate for a successful > connection. I keep getting a certificate error when trying to connect to > Exchange using IMAP.**** > > **** > > *From:* Michael B. Smith [mailto:mich...@smithcons.com] > *Sent:* Tuesday, May 31, 2011 8:41 AM > *To:* MS-Exchange Admin Issues > *Subject:* RE: Exchange 2007 Hub Transport Certificate**** > > **** > > What problem are you trying to solve?**** > > **** > > Seriously, it sounds to me as if you are just trying to make more work for > yourself. J**** > > **** > > Regards,**** > > **** > > Michael B. Smith**** > > Consultant and Exchange MVP**** > > http://TheEssentialExchange.com**** > > **** > > *From:* McCready, Rob [mailto:rob.mccrea...@dplinc.com] > *Sent:* Tuesday, May 31, 2011 8:34 AM > *To:* MS-Exchange Admin Issues > *Subject:* Exchange 2007 Hub Transport Certificate**** > > **** > > We setup our Exchange 2007 Environment in September 2007. We’ve renewed > the Hub Transport Self Signed certificate every year. However, that update > doesn’t appear to push to the local computers. When I check a *local*PC’s > certificates under “Trusted Root Certification Authorities”, the Hub > Transport certificate listed is the original one, which expired in 2008. > When I look on the *Hub Transport server* itself, the latest renewed > certificate says it expires on 10/31/2011. How can I get the local > computers to update to the current Hub Transport certificate?**** > > > Thanks,**** > > > Rob**** > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist**** > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist**** > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist**** > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist**** > > ** ** > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist**** > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist > --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist