Exchange 2010 SSL Certificate for Multiple SMTP Domains


Need some help with creating a new SSL Certificate for our Exchange 2010 project. Getting confused because we have 3 separate domains and a totally separate domain to log OWA into.

(Bogus Certificates given as examples)

CURRENT SETUP - Was done by an earlier engineer
We are currently running Exchange 2003 with a FrontEnd Server. Certificate used:

We have three SMTP domains setup in Exchange 2003:

Once the user logs in via IE/ActiveSync or RPC over HTTPS, they log in to their respective domain.

EXCHANGE 2010 Two CAS Servers and one Mailbox/Hub Server at HQ
One CAS Server and Mailbox/Hub at DR site

I want to go ahead and purchase a certificate so that all existing remote connections do not get affected by the upgrade, i.e. once I install the first CAS server and then the array, I want all the existing 2003 mail users using the legacy option as I slowly start to migrate the users.

I am confused as to what I need to buy in terms of a wildcard certificate. I need the wildcard as we have several other subdomains that we use. I was thinking of just getting the * certificate and that should work, but then how and where do I set up the three domains listed above along with the legacy address?

Adam Brown, Sr Solutions Architect, commented:
You *should* be able to do a hybrid wildcard with Subject Alternative Names, but I haven't tried that before. Basically, when generating the SSL cert, you would set the CN for the cert as * and then add,, and as Subject Alternative Names. Like I said, I haven't tried that before so I don't know if third party CAs will accept CSRs that do that. But that is how you'd go about it.
cybernaz67 (Author) commented:
I'm using these guys:

I was looking at a SAN cert, but because we need to also add several other subdomains for two of the other ones, I am thinking that it will be easier to also add * and *
Adam Brown, Sr Solutions Architect, commented:
Honestly, I'd give DigiCert a call and see if they can do a Wildcard cert that also has wildcard SANs on it. Everything kind of depends on what the CA is willing to do, and since I don't work for them I can't tell you for certain.
Question has a verified solution.
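An added example, not part of the original thread: a pre-purchase check that lists which hostnames clients will connect to are not covered by a planned set of certificate names, using the standard rule that a wildcard stands for exactly one left-most label. All hostnames are constructed placeholders (the thread's real domains are not shown), and the assumed required list is one OWA name, one legacy name, and an `autodiscover` name per SMTP domain.

```python
# Added example: every domain and hostname here is a constructed placeholder.

def san_matches(pattern: str, host: str) -> bool:
    """True if one certificate name (exact or full-label wildcard) covers host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # "*.example.com" covers mail.example.com, but not example.com
        # and not a.b.example.com. Reject bare "*.tld" patterns as well.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, required_hosts):
    """Return the required hosts that no name on the certificate covers."""
    return [h for h in required_hosts
            if not any(san_matches(n, h) for n in cert_names)]


# Assumed client-facing names: OWA, the legacy namespace used during
# 2003/2010 coexistence, and Autodiscover for each of three SMTP domains.
REQUIRED = [
    "owa.example.com",
    "legacy.example.com",
    "autodiscover.example.com",
    "autodiscover.example.net",
    "autodiscover.example.org",
]

# Option 1: a single wildcard for one domain.
SINGLE_WILDCARD = ["*.example.com"]
# Option 2: wildcard subject plus extra SANs for the other SMTP domains.
WILDCARD_PLUS_SANS = ["*.example.com", "*.example.net",
                      "autodiscover.example.org"]

if __name__ == "__main__":
    for label, names in (("single wildcard", SINGLE_WILDCARD),
                         ("wildcard + SANs", WILDCARD_PLUS_SANS)):
        missing = uncovered(names, REQUIRED)
        print(f"{label}: {missing if missing else 'all covered'}")
```

Whether a CA will issue the second name set is a question for the CA, as the answers above say; the check only shows what each set would cover.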
