Company rebrand - 2 different domain names for one OWA/Active sync server possible?

My employer is rebranding and wants OWA and ActiveSync available on our current web domain name and the new web domain name. Curious if this is possible and what steps need to be taken. Our current domain name offers OWA/EAC through our Threat Management Gateway 2010 server.

From initial research it looks like this is possible, just not sure of the best way.

Currently have a standard SSL from Network Solutions installed on the Exchange 2007 client access server, and that cert was exported to our TMG2010 server in our DMZ to handle external OWA/EAS requests.

Can I just buy another SSL cert with our new domain name, install it on our client access server and export it to our TMG2010 server, keeping both domain names functional?

Should I delete our current SSL cert and buy a SAN cert that includes both old and new domain names and install it on our client access server/export to our TMG2010 server?

Any ideas or suggestions? Thanks in advance for any help...

February 23rd, 2015 11:22pm

Depending on its expiry date, it could be cheaper and easier to have the existing certificate reissued with additional SANs.  These things work a lot better when you leave both domains in place during a transition period, and for a certificate that would mean for the life of the certificate since there is no need to remove SANs.  You'll need to add autodiscover.newdomain.com as a SAN in the certificate, and you'll probably want to add mail.newdomain.com (or whatever you use) as well.
February 26th, 2015 7:51am

Just to be clear, we won't be changing our AD domain name or anything, just the web address the public and employees will use to reach our resources.

Is it OK to add a SAN certificate that services 2 web domain names (i.e. www.oldcompany.com and www.newcompany.com) on one Exchange 2007 client access server?

Would I have to set up an additional IIS directory to handle the 2nd web domain name to handle OWA and EAS?

I just can't seem to find much documentation on how to have one Exchange 2007 client access server answer OWA and EAS requests for 2 different web URLs (i.e. www.oldcompany.com and www.newcompany.com)?

March 19th, 2015 5:12pm

I strongly recommend using a CNAME (or A) record for a different name than the server name for access, such as owa.company.com or webmail.company.com.  If you do that, the minimum you need to put in the certificate is that name plus Autodiscover.company.com.  There is generally no requirement to put the server name in the certificate.  But there is also no restriction on doing so except when you have a local domain that isn't registered to you on the Internet because many certificate writers won't issue them with such domain names.

March 20th, 2015 3:53pm

Thanks Ed for your responses to my question. Was able to get where we needed with a new SAN cert that included both domain names: installed the SAN SSL cert on our CAS server and exported that to our Forefront TMG 2010 server, then on the Forefront server just had to add the new domain name to the public names on that Forefront 'listener'...

Of course also had to add an A record for that new OWA/EAS public DNS address for the new domain name...

Cheers!!!

July 31st, 2015 5:56pm
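
The SAN coverage question discussed in this thread can be checked before a reissued certificate is exported to the TMG listener. The following is an added example, not code from any poster: it takes the dNSName entries of a certificate and reports which public names clients would hit with a name mismatch. The `mail` and `autodiscover` prefixes, the oldcompany.com/newcompany.com domains and the sample SAN lists are constructed assumptions.

```python
"""Added example: verify a certificate's SAN list covers every public name
used during a two-domain transition. All hostnames are constructed placeholders."""

def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: case-insensitive; '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # a wildcard never spans several labels
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]   # reject over-broad "*.com" patterns
    return p == h


def required_names(domains, prefixes=("mail", "autodiscover")):
    """Names OWA/EAS clients connect to: <prefix>.<domain> for each served domain."""
    return [f"{pre}.{dom}" for dom in domains for pre in prefixes]


def coverage(san_dns_names, domains, prefixes=("mail", "autodiscover")):
    """Map each required name to the SAN entry covering it, or None if uncovered."""
    return {
        name: next((s for s in san_dns_names if san_matches(s, name)), None)
        for name in required_names(domains, prefixes)
    }


def missing(san_dns_names, domains, prefixes=("mail", "autodiscover")):
    """Required names that would produce a certificate name mismatch."""
    return [n for n, s in coverage(san_dns_names, domains, prefixes).items() if s is None]


# Constructed sample data (assumed names, not from a real certificate).
DOMAINS = ["oldcompany.com", "newcompany.com"]
OLD_CERT = ["mail.oldcompany.com"]                    # single-name cert
REISSUED = ["mail.oldcompany.com", "autodiscover.oldcompany.com",
            "mail.newcompany.com", "autodiscover.newcompany.com"]
WILDCARD_NEW_ONLY = ["*.newcompany.com"]              # covers the new domain only

if __name__ == "__main__":
    for label, sans in [("old cert", OLD_CERT), ("reissued", REISSUED),
                        ("wildcard", WILDCARD_NEW_ONLY)]:
        print(f"{label:9s} missing: {missing(sans, DOMAINS) or 'none'}")
```
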

You're welcome, happy to have helped.  Please feel free to mark responses as helpful or the answer as appropriate.
August 1st, 2015 2:29am

This topic is archived. No further replies will be accepted.
