Adding a second SSL certificate for new domain in Exchange 2003

Posted on 2012-09-09
Last Modified: 2012-11-12
I have a customer who wants a second domain for email setup.  They have 2 separate SSL certificates for the email domain - and have bought another for

They should have bought a SAN certificate but didn't. Is this an easy task to apply two SSL certificates for OWA? I setup a temp IIS website to generate the CSR for

I'm not worried about the recipient policies. But I've never applied two certificates for Exchange before.  Can someone point me in the right direction?  I'm not sure whether you can have both IIS website operating side-by-side and how does navigating to the external OWA website work?

They are migrating to the new domain later this year.
Question by:gambit120
    LVL 63

    Expert Comment

    by:Simon Butler (Sembee)
    SSL certificates are bound to an IP address and port. You cannot share either.
    Therefore you must have two internal and two external IP addresses.
    Yet that only applies to OWA, autodiscover internally will only use the default host name, and Outlook Anywhere can only use the default web site.

    Personally I would speak to the SSL provider and look to drop the certificates and swap them for a Unified Communications certificate so you can put both names on to the same certificate.


    Author Comment

    The reason a SAN/UCC certificate was not chosen was because you can only have one master domain then sub-domains under it.  Currently they have  A SAN certificate will only allow or not as well as

    Their plan is to migrate to a new company name while keeping the old one for a while as well for 6-12months.  The new company name is what all users will be migrating too eventually.  Is there a way in DNS to perform some sort of redirection? Not sure...
    LVL 63

    Accepted Solution

    That is incorrect. Whoever told you that gave you wrong information. It sounds like you may be confusing the UC certificate with a wildcard certificate.
    A UC/SAN certificate allows any combination of domains to be listed - I personally have sites with .com, and .net names in the certificate.

    Therefore you can get a suitable certificate easily that will cover the names that you require, and my advice from above still applies.


    Author Comment

    I UCC/SAN was bought for the customer.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Create high volume marketing opportunities using email signatures with these top 10 DOs and DON'Ts of email signature marketing.
    Set OWA language and time zone in Exchange for individuals, all users or per database.
    In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
    In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now