Exchange 2010 CAS coexist with Exchange 2003 and UCC certificate

I have an existing Exchange 2003 environment. The certificate we use for OWA/ActiveSync is a UCC cert that we use for our OCS environment as well as a website, so there are six names on the certificate in all (using SANs). I understand the process of moving our production mail server certificate to the new Exchange 2010 environment and then giving our Exchange 2003 environment a certificate with a name like legacymail.domain.com, but how do I go about this? I know I'll need to get the legacymail.domain.com name on the cert and that will be the new cert for our Exchange 2003 server. But do I create the CSR off the 2003 Exchange server for legacymail.domain.com, then add it to our UCC cert? Then move the original existing mail.domain.com cert to Exchange 2010 (therefore never really having Exchange 2010 produce a CSR)?
jpletcher1 Asked:
 
Akhater Commented:
You got the idea right.

Export the UCC certificate you have from 2003 WITH private keys, install it on 2010, and configure it to be used for IIS.

Then create another certificate with legacy.domain.com for your 2003.
0
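The import step described in the answer above, as an added example that is not part of the original thread. It assumes the UCC certificate has already been exported from the 2003 server to a password-protected PFX; the file path and the name list are placeholders, and the script is meant for the Exchange Management Shell on the 2010 CAS.

```powershell
# Added example, not from the original thread.
# Assumed values: the PFX path and the names the 2010 CAS must answer for.
$pfxPath       = 'C:\certs\ucc-export.pfx'   # placeholder path to the PFX exported from 2003
$requiredNames = @('mail.domain.com')        # production name that moves to Exchange 2010

# Prompt for the PFX password so it never appears in script text.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Exchange 2010 takes the PFX as a byte array through -FileData.
$pfxBytes = [Byte[]](Get-Content -Path $pfxPath -Encoding Byte -ReadCount 0)
$imported = Import-ExchangeCertificate -FileData $pfxBytes -Password $pfxPassword

# Re-read the certificate from the store and check it before binding it to IIS.
$cert = Get-ExchangeCertificate -Thumbprint $imported.Thumbprint
$sans = @($cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })

# An export made without the private key imports fine but cannot serve TLS.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key; re-export it from 2003 with the key."
}

# Refuse to bind a certificate that has already expired.
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
}

# Every name clients use to reach the 2010 CAS must be in the SAN list.
$missing = @($requiredNames | Where-Object { $sans -notcontains $_.ToLower() })
if ($missing.Count -gt 0) {
    throw "Certificate is missing SAN entries: $($missing -join ', ')"
}

# Bind the certificate to IIS (OWA, ActiveSync and the other web services).
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# Show the result for the change record.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Thumbprint, CertificateDomains, Services, NotAfter

# The PFX holds the private key; delete the working copy once the import is confirmed.
Remove-Item -Path $pfxPath
```

The same SAN check is worth repeating on the certificate issued for legacy.domain.com before it is installed on the 2003 server.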
 
jpletcher1 (Author) Commented:
So once I have that set up, and legacy OWA clients from the outside connect to the Exchange 2003 server, will I have to make legacy.domain.com an external DNS entry and also come up with the new external IP and open through the firewall, or does all that go through the 2010 CAS still?
0
 
Akhater Commented:
legacy.domain.com should be pointing to your 2003 server, so yes, you will need both to be Internet-facing.
0
 
jpletcher1 (Author) Commented:
Ok. So I can't just change our firewall NAT rule to point our current advertised Exchange 2003 facing IP to point to the Exchange 2010 server and call it good? I'd have to give our new Exchange 2010 setup its own Internet-facing IP, then change our public DNS for mail.domain.com to point to it, and then assign our former Exchange 2003 advertised IP address to the new DNS entry of legacy.domain.com?

This seems like a lot of extra configuring and I might just be inclined to try and do a full move some night rather than transition over in phases.
0
 
Akhater Commented:
You cannot do that on one single IP since your Exchange 2010 will not proxy your 2003 requests.

If you have ISA Server it is doable, though.
0
 
jpletcher1 (Author) Commented:
Thanks for the help. I have another question about certificates and names, but I'll make that another question.
0