We are in the process of migrating from Exchange 2007 to Exchange 2010. We created a SAN certificate with the principle name called contoso.test.com, but the AutodiscoverServiceInternalUri is set to the https://dc.contoso.test.com. ExBPA is giving me a error " The subject alternative name (SAN) of SSL certificate for https://dc.contoso.test.com/autodiscover/autodiscover.xml does not match the host address. Host address: dc.contoso.test.com. Currect SAN: DNS=contoso.test.com. The SAN does contain the name dc.contoso.test.com .. Thoughts?

I can only guess this is a bug. I have never deployed a certificate with this naming convention, using a mixture of sub.domain.com and sub.sub.domain.com. It is probably confusing things by having both types of names involved. Simon. Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

As Simon said it may be a bug. However just to validate your certificate is good you can check the following: http://www.digicert.com/help/ (even if it's not a digicert certificate you can use this to test the chain and everything) https://www.digicert.com/util/ - small utility that can also be useful https://www.testexchangeconnectivity.com/ - test external access which will validate the cert as well. Chris Morgan