Adding a second SSL certificate for new domain in Exchange 2003

Posted on 2012-09-09
Medium Priority
Last Modified: 2012-11-12
I have a customer who wants a second domain for email setup.  They have 2 separate SSL certificates for the email domain - domain1.com and have bought another for domain2.com.

They should have bought a SAN certificate but didn't. Is this an easy task to apply two SSL certificates for OWA? I set up a temp IIS website to generate the CSR for domain2.com.

I'm not worried about the recipient policies. But I've never applied two certificates for Exchange before.  Can someone point me in the right direction?  I'm not sure whether you can have both IIS websites operating side-by-side and how does navigating to the external OWA website work?

They are migrating to the new domain later this year.
Question by:gambit120

Expert Comment

by:Simon Butler (Sembee)
ID: 38383058
SSL certificates are bound to an IP address and port. You cannot share either.
Therefore you must have two internal and two external IP addresses.
Yet that only applies to OWA; autodiscover internally will only use the default host name, and Outlook Anywhere can only use the default web site.

Personally I would speak to the SSL provider and look to drop the certificates and swap them for a Unified Communications certificate so you can put both names on to the same certificate.


Author Comment

ID: 38384962
The reason a SAN/UCC certificate was not chosen was because you can only have one master domain then sub-domains under it.  Currently they have companyname.blah.blah.com.  A SAN certificate will only allow mail.companyname.blah.blah.com or webmail.companyname.blah.blah.com, not companyname.blah.blah.com as well as companyname2.blah.blah.com.

Their plan is to migrate to a new company name while keeping the old one for a while as well for 6-12 months.  The new company name companyname2.blah.blah.com is what all users will be migrating to eventually.  Is there a way in DNS to perform some sort of redirection? Not sure...

Accepted Solution

Simon Butler (Sembee) earned 2000 total points
ID: 38392228
That is incorrect. Whoever told you that gave you wrong information. It sounds like you may be confusing the UC certificate with a wildcard certificate.
A UC/SAN certificate allows any combination of domains to be listed - I personally have sites with .com, .co.uk and .net names in the certificate.

Therefore you can get a suitable certificate easily that will cover the names that you require, and my advice from above still applies.
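
Added example, not part of the original thread: a small check of which required host names a certificate's subjectAltName list covers, contrasting a single-name, a UC/SAN and a wildcard certificate. The host names are the thread's placeholders; the SAN lists and `mail.example.net` are constructed for illustration.

```python
# Added example: SAN lists below are constructed, not taken from real certificates.

def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """True if one SAN dNSName entry covers hostname.

    A wildcard is honoured only as the entire leftmost label and stands
    for exactly one label, so *.example.com covers neither
    a.b.example.com nor example.com itself.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Conservative choice: refuse wildcards directly under a TLD (*.com).
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(san_list, required):
    """Return the required host names that no SAN entry covers."""
    return [h for h in required
            if not any(san_matches(s, h) for s in san_list)]

# The two names the customer needs during the migration period.
REQUIRED = ["companyname.blah.blah.com", "companyname2.blah.blah.com"]

# Constructed SAN lists for three certificate choices.
CERTS = {
    "single-name": ["companyname.blah.blah.com"],
    "ucc/san": ["companyname.blah.blah.com",
                "companyname2.blah.blah.com",
                "mail.example.net"],
    "wildcard": ["*.companyname.blah.blah.com"],
}

def report():
    """Map each certificate label to the required names it fails to cover."""
    return {label: uncovered(sans, REQUIRED) for label, sans in CERTS.items()}

if __name__ == "__main__":
    for label, missing in report().items():
        print(f"{label:12} missing: {missing or 'none'}")
```

The wildcard entry covers only names one label below `companyname.blah.blah.com`, which is the "master domain then sub-domains" behaviour, while the UC/SAN list covers both required names on one certificate and one IP/port binding.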


Author Comment

ID: 38593062
A UCC/SAN was bought for the customer.

Question has a verified solution.
