Exchange 2010 CAS coexistence with Exchange 2003 and UCC certificate

I have an existing Exchange 2003 environment. The certificate we use for OWA/ActiveSync is a UCC cert that we use for our OCS environment as well as a website, so there are six names on the certificate in all (using SANs). I understand the process of moving our production mail server certificate to the new Exchange 2010 environment and then giving our Exchange 2003 environment a certificate with a name like legacymail.domain.com, but how do I go about this? I know I'll need to get the legacymail.domain.com name on the cert and that will be the new cert for our Exchange 2003 server. But do I create the CSR off the 2003 Exchange server for legacymail.domain.com, then add it to our UCC cert? Then move the original existing mail.domain.com cert to Exchange 2010? (therefore never really having Exchange 2010 produce a CSR)
jpletcher1 asked:
Akhater commented:
You got the idea right.

Export the UCC certificate you have from 2003 WITH private keys and install it on 2010, and configure it to be used for IIS.

Then create another certificate with legacy.domain.com for your 2003.
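The steps in the answer above as commands, an added example that is not part of the thread or of Akhater's posts: the PFX path, the SAN names checked and the INF location are assumptions; the Exchange cmdlets run in the Exchange Management Shell on the 2010 CAS, and the certreq step runs on the Exchange 2003 server.

```powershell
# Added example (not from the thread). Assumed: the UCC cert was exported from
# the 2003 server as C:\certs\mail.pfx and the 2010 CAS answers for the names
# in $required. Run steps 1-4 on the Exchange 2010 CAS in the EMS.
$pfxPath     = 'C:\certs\mail.pfx'                      # assumed export path
$pfxPassword = Read-Host 'PFX password' -AsSecureString

# 1. Import the UCC certificate together with its private key.
$imported = Import-ExchangeCertificate `
    -FileData ([Byte[]](Get-Content -Path $pfxPath -Encoding Byte -ReadCount 0)) `
    -Password $pfxPassword `
    -PrivateKeyExportable $true
$cert = Get-ExchangeCertificate -Thumbprint $imported.Thumbprint

# 2. Check before binding: the key must have come across, and every name the
#    2010 CAS will answer for must be in the SAN list, or clients see cert errors.
$required = 'mail.domain.com', 'autodiscover.domain.com'   # assumed names
$sans     = $cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() }
$missing  = $required | Where-Object { $sans -notcontains $_ }
if (-not $cert.HasPrivateKey) {
    throw 'Imported certificate has no private key; re-export from 2003 WITH the key.'
}
if ($missing) { throw "Certificate lacks required SAN(s): $($missing -join ', ')" }

# 3. Bind the certificate to IIS (OWA, ActiveSync, EWS, Autodiscover) on the CAS.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# 4. Confirm what is now bound and when it expires.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Subject, CertificateDomains, Services, NotAfter

# 5. The legacy name gets its own key pair on the Exchange 2003 server, so the
#    request is generated there with certreq.exe (present on Windows Server 2003).
#    If PowerShell is not installed on that box, paste the INF into Notepad and
#    run the certreq line from cmd. Submit legacy.req to the CA afterwards.
@'
[NewRequest]
Subject = "CN=legacy.domain.com"
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
KeySpec = 1
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
'@ | Set-Content -Path 'C:\certs\legacy.inf'             # assumed INF path
certreq.exe -new 'C:\certs\legacy.inf' 'C:\certs\legacy.req'
```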
jpletcher1 (author) commented:
So once I have that setup, and legacy OWA clients from the outside connect to the Exchange 2003 server, will I have to make legacy.domain.com an external DNS entry and also come up with the new external IP and open through the firewall, or does all that go through the 2010 CAS still?
Akhater commented:
legacy.domain.com should be pointing to your 2003 server, so yes, you will need both to be internet facing.
jpletcher1 (author) commented:
Ok. So I can't just change our firewall NAT rule to point our current advertised Exchange 2003 facing IP to the Exchange 2010 server and call it good? I'd have to give our new Exchange 2010 setup its own Internet facing IP, then change our public DNS for mail.domain.com to point to it, and then assign our former Exchange 2003 advertised IP address to the new DNS entry of legacy.domain.com?

This seems like a lot of extra configuring and I might just be inclined to try and do a full move some night rather than transition over in phases.
Akhater commented:
You cannot do that on one single IP, since your Exchange 2010 will not proxy your 2003 requests.

If you have ISA Server, it is doable though.
jpletcher1 (author) commented:
Thanks for the help.  I have another question about certificates and names, but I'll make that another question.