Exchange Server with 2 Certificates for Webmail??

Posted on 2009-04-15
Last Modified: 2012-05-06
Ok...about a year ago I got a certificate for and we have been getting along fine.  Now we have to change our domain name to  The DNS zone file has already been created for  I know what changes I need to make for all of our internal clients but what about webmail?  Is it possible to have 2 certs on one server?  I really need both to stay active at least for a while...we have users with iPhones, etc.  How do I set up the server where webmail can be accessed for both and I have some users I can't get to "out in the field".  I should mention the AD domain is different from both and so logging in will not be a problem.  Please help!  Is it possible to modify the existing certificate  and change to ?  What are my options here? Links to step-by-step instructions would be useful. Thanks in advance...
Question by:mcwllc
    LVL 6

    Expert Comment

    I would replace the certificate for domain1 with the new certificate for domain2, then configure the DNS zone for domain1 to redirect to domain2.

    If security is not a huge concern, you could of course disable the requirement of SSL during the transition.

    Author Comment

    Technically they both point to the mail server so I am guessing that part is already done...wondering about how I would handle redirection on the server.  As of now the zone file has propagated across the net...but if you go to you get the login prompt but once you try to authenticate it goes to page not found....understandable since there is nothing in IIS for
    LVL 65

    Accepted Solution

    Unless you are using host headers, then you don't configure anything in IIS for each domain. You cannot use host headers for SSL, so going to and would go to the same server if they are pointing at the same address. However you can only have one certificate in place for each server so users browsing to the host host would get a warning.

    Two ways I can think of to deal with this.

    1. If you have a second external IP address, it is to put a second IP address on to the Exchange server, create a second web site in IIS for the original domain and put the SSL certificate on to it. The only thing that web server does is redirect the traffic to the correct address, so would require a file in the root and a file in a directory called Exchange. You would then update the DNS for the original host to point to the new IP address, set the forward on the firewall etc.

    2. Purchase a SAN/UC certificate. These are the certificates used for Exchange 2007 and support multiple names. That would allow you to set the Common Name as your preferred domain on the new domain and then an additional name would be your old name. These are more expensive than standard certificates and if you have an existing certificate with time to run, the first option would allow you to make best use of that.


    Author Comment

    Will SAN\UC certificates work with Exchange 2003? This is what I'm running on the server.
    LVL 65

    Expert Comment

    SAN/UC certificates are an IIS thing, not an Exchange thing. They were introduced for Exchange 2007, but there is nothing to stop them being used with Exchange 2003 or even IIS servers with no Exchange involved.
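
The SAN/UC option from the accepted solution, as an added example that is not part of the original thread: a check of which webmail hostnames a certificate actually covers, following the RFC 6125 rule that clients stop consulting the Common Name once the certificate carries DNS subject alternative names. The hostnames, sample certificates and function names are hypothetical; the certificates are constructed dicts in the shape Python's `ssl.SSLSocket.getpeercert()` returns.

```python
# Constructed sample certificates (getpeercert()-style dicts); hostnames are placeholders.
OLD, NEW = "mail.old.example", "mail.new.example"
SINGLE_NAME = {"subject": ((("commonName", OLD),),)}
SAN_BOTH = {"subject": ((("commonName", NEW),),),
            "subjectAltName": (("DNS", NEW), ("DNS", OLD))}
# CN holds the new name, but the SAN list only carries the old one.
SAN_CN_OMITTED = {"subject": ((("commonName", NEW),),),
                  "subjectAltName": (("DNS", OLD),)}


def dns_names(cert):
    """dNSName entries of the subjectAltName extension, lower-cased."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def common_names(cert):
    """commonName values of the subject, lower-cased."""
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Exact match, or a wildcard standing for exactly one leftmost label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def covered(cert, host):
    """True if a client following RFC 6125 would accept cert for host."""
    host = host.lower().rstrip(".")
    sans = dns_names(cert)
    # When DNS SANs are present the CN is not used as a fallback.
    candidates = sans if sans else common_names(cert)
    return any(name_matches(n, host) for n in candidates)


def coverage_report(cert, hosts):
    """Map each hostname to whether the certificate covers it."""
    return {h: covered(cert, h) for h in hosts}


if __name__ == "__main__":
    for label, cert in (("single-name", SINGLE_NAME), ("SAN, both names", SAN_BOTH),
                        ("SAN, CN not repeated", SAN_CN_OMITTED)):
        print(label, coverage_report(cert, [OLD, NEW]))
```

The third sample shows why the preferred name has to appear in the SAN list as well as in the Common Name: with only the old name listed there, clients that follow the rule reject the new hostname.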

