Exchange 2013 – Self Signed Certificate Creation

MS Exchange

Exchange 2013 gives admin the option to create a new self signed certificate. But why?

The first recommendation around certificates in Exchange is to remove the self signed one and replace it with either an internal PKI or third party certificate. It is the same for Exchange 2013 as well. But, the Exchange Team has provided us with an option to create a new self signed one using the EAC or Shell.

Launch EAC, navigate to Servers –> Certificates. Selecting the “+” button brings up the option to create a new cert.

Create self signed cert in Exchange 2013

Running through the windows to create a self signed cert gives you the same option as creating any other cert. You can even add the urls that you want, say mail.domain.com & autodiscover.domain.com (the ones we add in internal PKI or third party cert).

Any urls in self signed cert

Given that it won’t be trusted by the clients and have to be replaced, what is the product group’s thinking behind this move? I am sure there is a valid reason!

Other Popular Articles


MS Exchange

Keep Track Of Exchange 2013 Database Failovers

MS Exchange

Playing With Exchange 2013 Performance Logs

MS Exchange

Tackle .Net Framework 4.6.1 On Exchange Servers

2 thoughts on “Exchange 2013 – Self Signed Certificate Creation”

Leave a Comment