Forgive me I do not fully understand the black art of certificates!

We have a DAG with 6 Exchange 2013 CU7 servers.  Each server has the same internal Certificate Authority issued certificate installed for Exchange and was setup by consultants.

We are now looking to configure EXUM and I would like to know if we should be looking at using the same certificate for UM or if we should be looking at getting a new certificate for UM?

If we should be using the existing certificate would it need to be installed in Lync?

If a new certificate is recommended what is guidelines for required certificate?

I am going round in circles looking for definitive instructions without much luck.  A steer in the right direction to the best document to follow for setting up UM would be much appreciated.

The current certificate details are as follows

Name :- Exchange Internal Cert

Issuer  :- Is the internal CA

Subject :- CN=ExchangeCert

Subject Alternative Names :- contains ExchangeCert, 6 servers FQDN, 6 Servers hostnames, the FQDN for each of the Exchange services E.g. eac,owa.

• Moved by Winnie LiangMicrosoft contingent staff, Moderator Friday, May 22, 2015 3:04 AM

The SAN should have all names of the Exchange UM server included, than you can assign the same certificate without problems.

Thanks for your reply. 

The certificate I was using had all the Exchange UM servers list in the SAN but I was getting an event about every minute in the Event log.  I ended up logging a call with Microsoft and I was advised to create a separate certificate for each Exchange server with the FQDN in the subject.  This stopped the event appearing in the event log.

• Proposed as answer by Holger Bunkradt 21 hours 29 minutes ago