Exchange 2007 SSL certificate swap


This topic contains 3 replies, has 4 voices, and was last updated by  premil 4 years, 9 months ago.


  • ITbystander
    Member
    #163086

    Our current production environment has the external name on a single name cert of exchange.test.net. The users have that in the connection settings of their phones and devices. I wanted to change the external name, since the current one is just the internal FQDN of the Exchange server, to our external domain mail.external.com. I have purchased a UCC SAN certificate with the common name mail.external.com and added the autodiscover, server name & FQDN and internal/external domain names as alternative names. My question is, if I swap out and install the certificate, will the devices using the old FQDN name start having issues or displaying certificate errors till they connect with the correct name? I want to schedule a time to replace the names on the devices but wanted to swap the name out beforehand to get our Exchange server ready for migration. The only other method I can think of is to create the new cert with the common name exchange.test.net and add the mail.external.com and other names as subject alternatives. Thanks

    *obviously I changed the DNS names to generics


    tehcamel
    Moderator
    #359525

    Re: Exchange 2007 SSL certificate swap

    As long as the internal and external URLs match the hostnames on the UCC, it will be fine.

    i.e., if you previously had mail.domain.com on the SSL certificate, and that was your autodiscover and owa/ecp address and it worked,
    and you now have mail.domain.com ; mail.domain.local on the UCC, and mail.domain.com is still your external address, then yes, it should work

    assuming I understand correctly


    Sembee
    Member
    #261289

    Re: Exchange 2007 SSL certificate swap

    If you want to change the host name that is used by Exchange, then the usual method is to add the old name as one of the additional names to the SSL certificate. That way you will catch all of the traffic, but as time goes on, everyone will use the new preferred host name.

    If it is more expensive to have the additional names, then do a single year certificate with the additional names, then ensure that everything has been changed. Next year remove the old name.

    Simon.


    premil
    Member
    #389647

    Re: Exchange 2007 SSL certificate swap

    Thanks guys for the input. Luckily, the single name SSL will work fine for the Office 365 batch mail sync, so I don’t have to swap the cert for the migration. Good to know though, for sure. I wasn’t sure if the common name was more specific to certain services, but it seems the common name and SAN names are equal in value in this case. Thanks
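
The pre-swap check implied by Sembee's advice, as an added example that is not part of the original thread: given the names on a certificate and the names clients still connect with, it lists the names that would raise certificate errors, using RFC 6125 matching (DNS SAN entries take precedence over the common name). The function names, the two certificate variants and the host name autodiscover.external.com are assumptions built from the thread's generic names.

```python
"""Pre-swap check: which names still in use would fail on the new certificate?"""


def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: case-insensitive, '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered_names(common_name, san_dns_names, names_in_use):
    """Return the names in use that the certificate does not cover.

    When the certificate carries DNS subject alternative names, clients
    following RFC 6125 match against those only and ignore the common name,
    so the common name counts only if there are no SAN entries at all.
    """
    presented = list(san_dns_names) if san_dns_names else [common_name]
    return [n for n in names_in_use
            if not any(name_matches(p, n) for p in presented)]


# Constructed sample data using the thread's generic names.
NAMES_IN_USE = [
    "exchange.test.net",          # old name still configured on phones and devices
    "mail.external.com",          # new preferred external name
    "autodiscover.external.com",  # assumed Autodiscover host name
]
# Variant A (constructed): new certificate without the old name among its SANs.
CERT_A = ("mail.external.com", ["mail.external.com", "autodiscover.external.com"])
# Variant B (constructed): the old name kept as an additional name.
CERT_B = ("mail.external.com", CERT_A[1] + ["exchange.test.net"])

if __name__ == "__main__":
    for label, (cn, sans) in (("A", CERT_A), ("B", CERT_B)):
        missing = uncovered_names(cn, sans, NAMES_IN_USE)
        status = "not covered: " + ", ".join(missing) if missing else "all names covered"
        print(f"cert {label}: {status}")
```

Feed it the real SAN list from the issued certificate and every host name found in device profiles before scheduling the swap; any name it returns needs either a SAN entry or a client reconfiguration first.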
