I've purchased and installed a SAN SSL cert, which includes the external FQDN, external autodiscover, internal FQDN, internal netbios name, and internal autodiscover.
It's installed and assigned for IMAP, POP, IIS, and SMTP, simply since those were the default services the self signed one from the install was assigned to.
Default install left me with six SSL certs before purchasing a third party one, and I assume the ones it generated for the subject names I've replaced with a valid third party cert can be deleted, but there are a couple I want to double check about since I'm assuming I need to just leave them in place since they appear to be other system level ones not associated with any normal subject name.
One is self signed with the internal local FQDN of the server, but also has a SAN showing "Other name" DS Object GUID=<long string> as well as that internal FQDN and was assigned SMTP only.
One is a subject "Sites" with a SAN showing DNS name sites, and a DNS name of the internal FQDN. Assigned SMTP only
One is a subject hame that has the "internal netbios name of the domain - internal netbios name of the server - CA" and has no subject alternate names. No services are assigned to this.
Last one in question the subject is "CN = WMSvc=WIN-<11 digit string> with no SAN and no services assigned to it.
The main one that was assigned the same services as my purchased SSL I already removed as it was just the normal names which i was replacing, but these other ones I didn't want to touch until I knew what functions they served. I don't mind leaving things on the server since it's working, but if any of these can be removed now that we have the SAN SSL, I'd like to do so simply to keep them from throwing nags in the logs when they expire in a year or two.
Thanks for any information.