Exchange 2007 SSL certificate swap

Home Forums Messaging Software Exchange 2007 / 2010 / 2013 Exchange 2007 SSL certificate swap

This topic contains 3 replies, has 4 voices, and was last updated by  premil 4 years, 9 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author

  • ITbystander

    Our current production environment has the external name on a single name cert of The users have that in the connection settings of their phones and devices. I wanted to change the external name since the current one is just the internal FQDN of the exchange server to our external domain I have purchased a UCC San certificate with the common name and added the autodiscover, server name & FQDN and internal/external domain names as alternative names. My question is, if I swap out and install the certificate will the devices using the old FQDN name start having issues or diplaying certificate errors till the connect with the correct name? I want to schedule a time to replace the names on the devices but wanted to swap the name out before hand to get our e change server ready for migration. The only other method I can think of is to create the new cert with the common name and add the and other names as subject alternatives. Thanks

    *obviously I changed the dns names to generics


    Re: Exchange 2007 SSL certificate swap

    as long as the internal and external URLs match the hostnames on the UCC it will be fine.

    ie, if you previously had on the SSL certificate, and that was your autodiscover and owa/ecp address and it worked
    and you now have ; mail.domain.local on the UCC, and is still your external address, then yes it should work

    assuming I understand correctly


    Re: Exchange 2007 SSL certificate swap

    If you want to change the host name that is used by Exchange, then the usual method is to add the old name as one of the additional names to the SSL certificate. That way you will catch all of the traffic, but as time goes on, everyone will use the new preferred host name.

    If it is more expensive to have the additional names, then do a single year certificate with the additional names, then ensure that everything has been changed. Next year remove the old name.



    Re: Exchange 2007 SSL certificate swap

    Thanks guys for the input, luckily the single name ssl will work fine for the office 365 batch mail sync so I don’t have to swap the cert for the migration. Good to know though for sure. I wasn’t sure if the common name was more specific to certain services but it seems the common name and SAN names are equal in value in this case. Thanks

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.