No announcement yet.

Exchange 2007 SSL certificate swap

  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange 2007 SSL certificate swap

    Our current production environment has the external name on a single name cert of The users have that in the connection settings of their phones and devices. I wanted to change the external name since the current one is just the internal FQDN of the exchange server to our external domain I have purchased a UCC San certificate with the common name and added the autodiscover, server name & FQDN and internal/external domain names as alternative names. My question is, if I swap out and install the certificate will the devices using the old FQDN name start having issues or diplaying certificate errors till the connect with the correct name? I want to schedule a time to replace the names on the devices but wanted to swap the name out before hand to get our e change server ready for migration. The only other method I can think of is to create the new cert with the common name and add the and other names as subject alternatives. Thanks

    *obviously I changed the dns names to generics
    Last edited by ITbystander; 22nd January 2014, 20:41.

  • #2
    Re: Exchange 2007 SSL certificate swap

    as long as the internal and external URLs match the hostnames on the UCC it will be fine.

    ie, if you previously had on the SSL certificate, and that was your autodiscover and owa/ecp address and it worked
    and you now have ; mail.domain.local on the UCC, and is still your external address, then yes it should work

    assuming I understand correctly
    Please do show your appreciation to those who assist you by leaving Rep Point


    • #3
      Re: Exchange 2007 SSL certificate swap

      If you want to change the host name that is used by Exchange, then the usual method is to add the old name as one of the additional names to the SSL certificate. That way you will catch all of the traffic, but as time goes on, everyone will use the new preferred host name.

      If it is more expensive to have the additional names, then do a single year certificate with the additional names, then ensure that everything has been changed. Next year remove the old name.

      Simon Butler
      Exchange MVP

      More Exchange Content:
      Exchange Resources List:
      In the UK? Hire me:

      Sembee is a registered trademark, used here with permission.


      • #4
        Re: Exchange 2007 SSL certificate swap

        Thanks guys for the input, luckily the single name ssl will work fine for the office 365 batch mail sync so I don't have to swap the cert for the migration. Good to know though for sure. I wasn't sure if the common name was more specific to certain services but it seems the common name and SAN names are equal in value in this case. Thanks