[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 628
  • Last Modified:

Exchange 2003 - 2010 CAS Proxying and Certs

Hi there,

I've built an Exchange 2010 Environment consisting of two Mailbox servers and two combined hub/cas servers.

We also have an existing Exchange 2003 environment(single server).

I understand you can use the "Exchange2003Url" paramater to redirect users still with 2003 mailboxes to the old 2003 OWA.

The existing external address is https://owa.lon.companyname.com and SSL secured.

My plan is to create a new UCC cert with the same common name and the required SAN names(including names for the old 2003 exchange). This will revoke the old cert on the 2003 server I assume.

Will I be able to install that UCC cert onto the old 2003 server so when users get redirected there are no cert issues.


0
Matsco
Asked:
Matsco
  • 4
  • 3
  • 2
2 Solutions
 
AkhaterCommented:
yes I do this all the time without any issues
0
 
endital1097Commented:
yes, install the cert on both the cas and 2003 servers
otherwise you will get cert warnings
0
 
MatscoAuthor Commented:
When I install that UCC cert on the old exchange it will have the same common name as the new CAS.

Wont I actually need a 2nd cert with a different common name for the old exchange? So I can say redirect to this different address.

Im not so sure if I use the "Exchange2003Url" to redirect to the old server
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
AkhaterCommented:
there is no problems having the same UCC certificate on both I do it all the time

for your other part of the question please read this article of mine, it will save me a lot of rewrite

http://www.zerohoursleep.com/2010/01/installing-your-first-exchange-2010-cas-or-the-truth-about-exchange2003url-part-1/
0
 
MatscoAuthor Commented:
I have read your article actually! Still not 100% confident tho.

So for my clarification (I appreciate your patience).

My UCC cert will contain all the reguired SAN names + the names of the old exchange and legacy.lon.companyname.com.

I create a new A record - legacy.lon.companyname.com that points to the old exchange. I then run the Exchange2003Url with legacy.lon.companyname.com as the 2003 exchange.

We revoke the old single name cert and install new UCC onto Exch2010 CAS and also the 2003 server.

Exch2010 then redirects to 2003 if required. When it redirects to legacy.lon.companyname.com im worried it will complain about certs? 2003 doesnt support UUC SAN does it?

0
 
AkhaterCommented:
It will not complain since the legacy.lon.company.com is in the SANs of the certificate
0
 
MatscoAuthor Commented:
So the 2003 server will recognise the SAN's in that cert?
0
 
AkhaterCommented:
yes it will
0
 
endital1097Commented:
as long as the fqdn of the url being access is contained within the subject names of the certificate you will not get any warnings (the purpose of a SAN cert)
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now