Exchange 2010 SSL Certificate for Multiple SMTP Domains


Need some help with creating a new SSL Certificate for our Exchange 2010 project. Getting confused because we have 3 separate domains and a totally separate domain to log OWA into.

(Bogus Certificates given as examples)

CURRENT SETUP - Was done by an earlier engineer
We are currently running Exchange 2003 with a FrontEnd Server. Certificate used:

We have three SMTP domains set up in Exchange 2003:

Once the user logs in via IE/ActiveSync or RPC over HTTPS, they log in to their respective domain.

EXCHANGE 2010 Two CAS Servers and one Mailbox/Hub Server at HQ
One CAS Server and Mailbox/Hub at DR site

I want to go ahead and purchase a certificate so that all existing remote connections do not get affected by the upgrade. i.e., once I install the first CAS server and then the array, I want all the existing 2003 mail users using the legacy option as I slowly start to migrate the users.

I am confused as to what I need to buy in terms of a wildcard certificate. I need the wildcard as we have several other subdomains that we use. I was thinking of just getting the * certificate and that should work, but then how and where do I set up the three domains listed above along with the legacy address?


Adam Brown, Sr Solutions Architect, Commented:
You *should* be able to do a hybrid wildcard with Subject Alternative Names, but I haven't tried that before. Basically, when generating the SSL cert, you would set the CN for the cert as * and then add,, and as Subject Alternative Names. Like I said, I haven't tried that before so I don't know if third party CAs will accept CSRs that do that. But that is how you'd go about it.

cybernaz67 (Author) Commented:
I'm using these guys:

I was looking at a SAN cert. But because we need to also add several other subdomains for two of the other ones, I am thinking that it will be easier to also add * and *
Adam Brown, Sr Solutions Architect, Commented:
Honestly, I'd give DigiCert a call and see if they can do a Wildcard cert that also has wildcard SANs on it. Everything kind of depends on what the CA is willing to do, and since I don't work for them I can't tell you for certain.
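
The wildcard-plus-SAN question in this thread comes down to which hostnames a given set of certificate names actually covers. The Python sketch below is an added example, not code from any poster in the thread; every domain and hostname in it is a constructed placeholder, and it applies the common rule that a wildcard stands for exactly one left-most label.

```python
# Added example: which hostnames does a wildcard + SAN name set actually cover?
# All domain names below are constructed placeholders, not the poster's domains.

def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate dNSName against a hostname.

    A wildcard is honoured only as the entire left-most label and stands for
    exactly one label, so *.example.com covers mail.example.com but neither
    example.com nor a.b.example.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if any("*" in label for label in p[1:]) or any("*" in label for label in h):
        return False  # wildcard outside the left-most label, or in the host
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards such as "mail*" are rejected here
    return p == h


def uncovered(cert_names, required_hosts):
    """Return the required hostnames that no certificate name covers."""
    return [h for h in required_hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed scenario: three SMTP domains plus a separate OWA/legacy domain.
REQUIRED = [
    "mail.owa-example.com", "legacy.owa-example.com",
    "autodiscover.example-one.com", "autodiscover.example-two.com",
    "autodiscover.example-three.com", "eu.portal.example-two.com",
]
WILDCARD_ONLY = ["*.owa-example.com"]
HYBRID = WILDCARD_ONLY + ["autodiscover.example-one.com", "*.example-two.com",
                          "autodiscover.example-three.com"]

if __name__ == "__main__":
    for label, names in (("wildcard only", WILDCARD_ONLY), ("hybrid", HYBRID)):
        print(label, "->", uncovered(names, REQUIRED) or "all covered")
```

Running the check against the planned name list before submitting a CSR shows gaps such as a second-level subdomain that a single wildcard does not reach.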