Exchange 2013 gives admin the option to create a new self signed certificate. But why?
The first recommendation around certificates in Exchange is to remove the self signed one and replace it with either an internal PKI or third party certificate. It is the same for Exchange 2013 as well. But, the Exchange Team has provided us with an option to create a new self signed one using the EAC or Shell.
Launch EAC, navigate to Servers –> Certificates. Selecting the “+” button brings up the option to create a new cert.
Running through the windows to create a self signed cert gives you the same option as creating any other cert. You can even add the urls that you want, say mail.domain.com & autodiscover.domain.com (the ones we add in internal PKI or third party cert).
Given that it won’t be trusted by the clients and have to be replaced, what is the product group’s thinking behind this move? I am sure there is a valid reason!