Score:0

Switching from self-signed certificates to commercial TLS/SSL cert: will it work the way I expect?


New to the world of commercial certs, thanks in advance for any advice/guidance.

Our only outbound service is email, hosted on MS Exchange 2016 (2019 in medium-term future). Internally we have several services with browser interfaces. Most of these are hosted on MS Server 2016 boxes (also 2019 in medium-term future) but one is on RHEL 7.

I am trying to solve two problems: externally, many email recipients report delivery to junk/spam mail, although we're not on any blacklists and our reputation is neutral; and internally, browsers complain about the self-signed certs and some deny access entirely.

My reading suggests that I want a wildcard TLS/SSL certificate. Looks like I can install on multiple servers, both internal and external, as long as they all know the private key that generated the original CSR.

Am I reading internet info correctly, and do you see any red flags in what I'm trying to do? Thanks very much.

joeqwerty
**externally, many email recipients report delivery to junk/spam mail** - This isn't related to your SSL certificate.
Score:1

I am trying to solve two problems: externally, many email recipients report delivery to junk/spam mail, although we're not on any blacklists and our reputation is neutral; and internally, browsers complain about the self-signed certs and some deny access entirely.

To solve the first problem, you may need to set up SPF/DKIM/DMARC records in the public DNS for your domain. It is not really a problem related to certificates.

You can find many documents on the Internet about this topic.

To solve the second problem, you can either import the self-signed certificates to the Trusted Root Certification Authorities of the client devices to have them trust these certificates, or use a commercial certificate which by default will be trusted by the clients.

Here is a Microsoft document about Exchange certificates which may be helpful for your reference: Digital certificates and encryption in Exchange Server
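
As an added illustration (not part of the original answer), the Python example below audits the three record types the answer names, SPF, DKIM and DMARC, and reports the gaps that commonly leave mail unauthenticated. The zone data is constructed, `example.com` is a placeholder domain, and the DKIM selector `sel1` is hypothetical.

```python
# Added example, not part of the original answer. Zone data is constructed;
# example.com and the DKIM selector "sel1" are placeholders.
SAMPLE_ZONE = {  # name -> TXT strings, as a resolver would return them
    "example.com": ["v=spf1 mx ip4:203.0.113.25 ~all", "site-verification=constructed"],
    "sel1._domainkey.example.com": ["v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ="],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
}

def parse_tags(record):
    """Split a 'tag=value; tag=value' DKIM or DMARC record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_mail_auth(zone, domain, selector):
    """Return findings for the SPF, DKIM and DMARC records of one domain."""
    findings = []
    # SPF lives in a TXT record at the domain itself; exactly one is allowed.
    spf = [r for r in zone.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        findings.append("SPF: no record")
    elif len(spf) > 1:
        findings.append("SPF: multiple records (evaluates to permerror)")
    else:
        terms = spf[0].lower().split()[1:]
        if "all" in terms or "+all" in terms:
            findings.append("SPF: 'all' authorizes every sender")
        elif not any(t.lstrip("+-~?") == "all" or t.startswith("redirect=") for t in terms):
            findings.append("SPF: no terminating 'all' or redirect")
    # The DKIM public key is published at <selector>._domainkey.<domain>.
    dkim = [parse_tags(r) for r in zone.get(f"{selector}._domainkey.{domain}", [])]
    dkim = [t for t in dkim if "p" in t]
    if not dkim:
        findings.append("DKIM: no key published for selector")
    elif not dkim[0]["p"]:
        findings.append("DKIM: key revoked (empty p=)")
    # The DMARC policy is published at _dmarc.<domain>.
    dmarc = [parse_tags(r) for r in zone.get(f"_dmarc.{domain}", []) if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        findings.append("DMARC: no record")
    elif dmarc[0].get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("DMARC: policy is not enforcing (p=%s)" % dmarc[0].get("p", "missing"))
    return findings

if __name__ == "__main__":
    for finding in audit_mail_auth(SAMPLE_ZONE, "example.com", "sel1"):
        print(finding)
```

To run it against a real domain, fill the dictionary with the TXT answers from `nslookup -type=TXT` or `Resolve-DnsName -Type TXT` for the three names shown.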
