Switching from self-signed certificates to commercial TLS/SSL cert: will it work the way I expect?

Solution 1:

I am trying to solve two problems: externally, many email recipients report delivery to junk/spam mail, although we're not on any blacklists and our reputation is neutral; and internally, browsers complain about the self-signed certs and some deny access entirely.

To solve the first problem, you may need to set up SPF/DKIM/DMARC records in the public DNS for your domain. It is not really a problem related to certificates.

You can find many documents on the Internet about this topic.

To solve the second problem, you can either import the self-signed certificates to the Trusted Root Certification Authorities of the client devices to have them trust these certificates, or use a commercial certificate which by default will be trusted by the clients.

Here is a Microsoft document about Exchange certificates which may be helpful for your reference: Digital certificates and encryption in Exchange Server
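The SPF/DKIM/DMARC point above is the one worth checking before touching certificates. The following is an added example, not code from the answer or from Microsoft: a small audit routine that inspects the TXT records a sending domain publishes and reports the gaps receivers actually act on (no SPF, a permissive `+all`, a DMARC policy of `p=none`, a missing DKIM selector key). The domain `example.com`, the selector name `selector1` and the record contents in `SAMPLE_RECORDS` are constructed for illustration; in practice you would feed in the answers from `dig TXT example.com`, `dig TXT _dmarc.example.com` and `dig TXT selector1._domainkey.example.com`.

```python
"""Audit the SPF, DKIM and DMARC TXT records of a sending domain.

Added example, not part of the original answer. Record lookups are
simulated with a dict so the check runs offline; the records below are
constructed and deliberately leave two gaps (p=none, no DKIM key).
"""
import re

# Constructed sample of what TXT lookups might return (hypothetical data).
SAMPLE_RECORDS = {
    "example.com": [
        "v=spf1 ip4:203.0.113.0/24 include:spf.protection.outlook.com -all",
        "google-site-verification=abc123",          # unrelated TXT, ignored
    ],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "selector1._domainkey.example.com": [],          # no DKIM key published
}

# Terms that cost one of the 10 DNS lookups SPF allows (RFC 7208 s4.6.4).
_LOOKUP_TERM = re.compile(r"^[+\-~?]?(include:|a\b|mx\b|ptr\b|exists:|redirect=)")


def parse_tags(record):
    """Split a 'k=v; k=v' style DKIM/DMARC record into a lowercase-key dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(txt):
    spf = [r for r in txt if r.lower().startswith("v=spf1")]
    if not spf:
        return ["SPF: no v=spf1 record published"]
    findings = []
    if len(spf) > 1:
        findings.append("SPF: more than one v=spf1 record (receivers treat this as permerror)")
    terms = spf[0].split()
    last = terms[-1].lower()
    if last in ("+all", "all"):
        findings.append("SPF: record ends in +all, which authorises any sender")
    elif last not in ("-all", "~all", "?all") and not last.startswith("redirect="):
        findings.append("SPF: record does not end with an all mechanism or redirect")
    lookups = sum(1 for t in terms if _LOOKUP_TERM.match(t.lower()))
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS-lookup terms exceeds the limit of 10")
    return findings


def check_dmarc(txt):
    dmarc = [r for r in txt if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        return ["DMARC: no v=DMARC1 record at _dmarc.<domain>"]
    tags = parse_tags(dmarc[0])
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append("DMARC: required p= tag missing")
    elif policy.lower() == "none":
        findings.append("DMARC: p=none only monitors; receivers will not act on failures")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so no aggregate reports will arrive")
    return findings


def check_dkim(txt, selector):
    keys = [r for r in txt if "p=" in r]
    if not keys:
        return [f"DKIM: no key published for selector {selector}"]
    tags = parse_tags(keys[0])
    findings = []
    if tags.get("v", "DKIM1").upper() != "DKIM1":
        findings.append(f"DKIM: selector {selector} has an unexpected v= tag")
    if tags.get("p", "") == "":
        findings.append(f"DKIM: selector {selector} publishes an empty p= (key revoked)")
    return findings


def audit_mail_auth(domain, records, selectors=("selector1",)):
    """Return a list of findings; an empty list means all three checks pass."""
    findings = check_spf(records.get(domain, []))
    findings += check_dmarc(records.get(f"_dmarc.{domain}", []))
    for sel in selectors:
        findings += check_dkim(records.get(f"{sel}._domainkey.{domain}", []), sel)
    return findings


if __name__ == "__main__":
    for line in audit_mail_auth("example.com", SAMPLE_RECORDS) or ["no findings"]:
        print(line)
```

Run against the constructed records this reports the `p=none` policy and the missing DKIM key while the SPF record passes; swap in real `dig` output for your domain to see which of the three mechanisms a receiving mail server cannot verify.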