The Microsoft Exchange Team is running a survey to collect customer feedback on SSL certificate management in Microsoft Exchange Server.
As the post says, it takes less than 10 minutes to complete the survey.
I’ve just filled out the survey myself and it prompted a few thoughts on Exchange Server SSL certificate management.
For one thing, Exchange Server 2010 has much better certificate management tools than Exchange Server 2007. However, the survey made me think of at least two ways that it could be improved.
- Add an option to the Exchange Management Console to skip the CRL check when enabling an SSL certificate for Exchange services. Currently, if the CRL check fails (very common when servers are not permitted to access the web directly), the administrator sees an error. Though you can work around it with proxy settings, this can also break the Exchange management tools completely if misconfigured. The other workaround is to enable the certificate using the Exchange Management Shell.
- Add an option to Exchange setup to use an internal Certificate Authority for the initial SSL certificate, if one is available. A lot of customers do use internal CAs for the internal-facing Client Access servers, and this option would solve the Autodiscover certificate warnings that are caused by self-signed certificates.
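
The Exchange Management Shell workaround from the first suggestion could look like the following. This is an added example, not from the original post or the survey; the server name `EXCH01` and the choice of the IIS service are assumptions.

```powershell
# Assumed values: replace with your own server name and required services.
$server   = 'EXCH01'   # placeholder Client Access server name
$services = 'IIS'      # services to bind the certificate to

# List installed certificates with the fields relevant to this problem.
$certs = Get-ExchangeCertificate -Server $server
$certs | Format-Table Thumbprint, Subject, Status, IsSelfSigned, Services, NotAfter -AutoSize

# Status 'RevocationCheckFailure' means the server could not reach the CRL,
# not that the certificate has been revoked. Keep only CA-issued,
# unexpired certificates in that state.
$candidates = $certs | Where-Object {
    $_.Status -eq 'RevocationCheckFailure' -and
    -not $_.IsSelfSigned -and
    $_.NotAfter -gt (Get-Date)
}

# Enable each candidate from the shell instead of the console.
foreach ($cert in $candidates) {
    Write-Host "Enabling $($cert.Thumbprint) ($($cert.Subject)) for $services"
    Enable-ExchangeCertificate -Server $server -Thumbprint $cert.Thumbprint -Services $services
}

# Confirm which certificate now holds the service binding.
Get-ExchangeCertificate -Server $server | Format-List Thumbprint, Status, Services
```

Because the server cannot check revocation itself in this situation, confirm the certificate's status with the issuing CA from a machine that can reach the CRL before enabling it.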