Changing CAS certificate for primary email domain change
Hi, we've recently changed our primary SMTP domain (ex2010SP1). Part of this move is requiring me to change all related hostnames such as OWA, OA and obviously the autodiscover record to match the new domain in use.
Can I re-use my existing SAN cert without changing the CN - just add more SANs? Would love to just re-key this one so that I can prep the certificate part beforehand...and just flip the switch on the name changes in PowerShell at a later date.
Thanks in advance.
February 8th, 2012 6:41pm
Don't know if this will work with Exchange 2010. It did work with Lync when we needed an additional name for Lync Mobility services.
You'll need this tool: SSL Certificate Management & Troubleshooting Tool
https://www.digicert.com/util/
Follow the logic here:
Simple Certificate Requests in Lync
http://blog.schertz.name/tag/certificates/
Please tell us if it works with Exchange.
MCTS: Messaging | MCSE: S+M
February 8th, 2012 7:13pm
Thanks Jon-Alfred. DigiCert really is the way to go for UC certs. I use them for both Lync and Exchange. It does make sense that the Lync cert would work. I'm just wondering if anything tied to how a client accesses OWA or OA will barf if the appropriate name isn't in the CN.
I know I can use the set-outlookprovider -identity EXPR -certprincipal name command in Exchange to make sure that Outlook Anywhere config should be happy using the same CN on cert... more worried about the OWA I guess.
Cool utility - I think I've used it before, but always forget Jeff's blog....great resource. I'll let you know how it goes.
February 8th, 2012 7:30pm
Hello,
Share with you a nice article:
More on Exchange 2007 and certificates - with real world scenario
http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspx
Based on my experience, you need to include at least:
1. External OWA name
2. autodiscover.domain.com
Thanks,
Simon
February 12th, 2012 12:45pm
Hi Simon - that post goes nowhere :) . 'Blog not found'...
At any rate, yep I'm aware that I need an autodiscover SAN (and several more) - I was just wondering if I could re-use my existing certificate *in its current common name config* (still pointing to 'mail.olddomain.com' for CN)...and just add the new primary OWA hostname as a SAN.
I think I'm going to try to go the wildcard route at first. I'll just leave this one semi-answered.
February 12th, 2012 5:07pm
Hello,
Sorry, I am not aware that the blog has been removed recently.
For the External autodiscover, it is hard coded to use a solid format like autodiscover.SMTPAddressSuffix.
It is not recommended by Microsoft to use a wildcard certificate since some ActiveSync devices may not support the wildcard.
Thanks,
Simon
February 13th, 2012 1:13am
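A pre-flight check for the name set being planned in this thread, as an added example that is not from any poster: it derives autodiscover.<SMTPAddressSuffix> for each suffix, as Simon describes, and reports whether each required hostname is matched exactly, only by a wildcard, or not at all. The function names and all hostnames are hypothetical, and the CN and SAN entries are treated as one list of names; the Outlook Anywhere certificate principal name check is not modelled.

```powershell
# Added example: does a planned certificate name set cover the hostnames
# clients will use after the SMTP domain change? Hostnames are constructed.

function Test-NameCoveredBy {
    param([string]$HostName, [string]$CertName)
    $h = $HostName.ToLowerInvariant()
    $c = $CertName.ToLowerInvariant()
    if ($c.StartsWith('*.')) {
        # A wildcard stands in for exactly one left-most label.
        $suffix = $c.Substring(1)                      # e.g. ".newdomain.com"
        if (-not $h.EndsWith($suffix)) { return $false }
        $label = $h.Substring(0, $h.Length - $suffix.Length)
        return ($label.Length -gt 0 -and -not $label.Contains('.'))
    }
    return ($h -eq $c)
}

function Get-CertNameCoverage {
    param(
        [string[]]$CertNames,      # subject CN plus every SAN DNS name
        [string[]]$SmtpSuffixes,   # SMTP address suffixes still in use
        [string[]]$ServiceHosts    # OWA / Outlook Anywhere / ActiveSync names
    )
    # External autodiscover is looked up as autodiscover.<SMTPAddressSuffix>.
    $required = @($ServiceHosts) +
                @($SmtpSuffixes | ForEach-Object { "autodiscover.$_" })
    foreach ($name in $required) {
        $hits  = @($CertNames | Where-Object {
                     Test-NameCoveredBy -HostName $name -CertName $_ })
        $exact = @($hits | Where-Object { -not $_.StartsWith('*.') })
        $status = if ($exact.Count -gt 0) { 'Exact' }
                  elseif ($hits.Count -gt 0) { 'WildcardOnly' }
                  else { 'Missing' }
        New-Object PSObject -Property @{
            HostName = $name; Status = $status; MatchedBy = ($hits -join ', ')
        }
    }
}

# Constructed sample: old CN kept, new OWA name and a wildcard added as SANs.
$names = 'mail.olddomain.com', 'autodiscover.olddomain.com',
         'mail.newdomain.com', '*.newdomain.com'
Get-CertNameCoverage -CertNames $names `
    -SmtpSuffixes 'olddomain.com', 'newdomain.com' `
    -ServiceHosts 'mail.newdomain.com' |
    Format-Table HostName, Status, MatchedBy -AutoSize
```

A `WildcardOnly` row marks a hostname that depends on wildcard support in the client, which is the ActiveSync concern raised above.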