Hi we've recently changed our primary SMTP domain (ex2010SP1). Part of this move is requiring me to change all related hostnames such as OWA, OA and obviously the autodiscover record to match the new domain in use. Can I re-use my existing SAN cert without changing the CN - just add more SANs? Would love to just re-key this one so that I can prep the certificate part beforehand...and just flip the switch on the name changes in powershell at a later date. Thanks in advance.

Don't know if this will work with Exchange 2010. It did work with Lync when we needed an addional name for Lync Mobility services. You'll need this tool: SL Certificate Management & Troubleshooting Tool https://www.digicert.com/util/ Follow the logic here: Simple Certificate Requests in Lync http://blog.schertz.name/tag/certificates/ Please tell us if it works with Exchange.MCTS: Messaging | MCSE: S+M

Thanks Jon-Alfred. DigiCert really is the way to go for UC certs. I use them for both Lync and Exchange. It does make sense that the Lync cert would work. I'm just wondering if anything tied to how a client accesses OWA or OA will barf if the appropriate name isn't in the CN. I know I can use the set-outlookprovider -identity EXPR -certprincipal name command in exchange to make sure that Outlook Anywhere config should be happy using the same CN on cert....more worried about the OWA I guess. Cool utility - I think I've used it before, but always forget Jeff's blog....great resource. I'll let you know how it goes.

Don't know if this will work with Exchange 2010. It did work with Lync when we needed an addional name for Lync Mobility services. You'll need this tool: SL Certificate Management & Troubleshooting Tool https://www.digicert.com/util/ Follow the logic here: Simple Certificate Requests in Lync http://blog.schertz.name/tag/certificates/ Please tell us if it works with Exchange.MCTS: Messaging | MCSE: S+M

Hello, Share with you a nice article: More on Exchange 2007 and certificates - with real world scenario http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspx Based on my experience, you need to include at least: 1. External OWA name 2. autodiscover.domain.com Thanks, Simon

Hi Simon - that post goes nowhere :) . 'Blog not found'... At any rate, yep I'm aware that I need an autodiscover SAN (and several more) - I was just wondering if I could re-use my existing certificate *in its current common name config* (still pointing to 'mail.olddomain.com' for CN)...and just add the new primary OWA hostname as a SAN. I think I'm going to try to go the wildcard route at first. I'll just leave this one semi-answered.

Hello, Sorry, I am not aware that the blog has been removed recently. For the External autodiscover, it is hard coded to use a solid format like autodiscover.SMTPAddressSuffix. It is not recommended to use a wildcard certificate by Microsoft since some activesync device may not support the wildcard. Thanks, Simon

Hello, Sorry, I am not aware that the blog has been removed recently. For the External autodiscover, it is hard coded to use a solid format like autodiscover.SMTPAddressSuffix. It is not recommended to use a wildcard certificate by Microsoft since some activesync device may not support the wildcard. Thanks, Simon