Exchange 2003 to 2010 Coexist
I have Exch 2003 which was set up on the perimeter with its own public IP. It is the PDC/DNS server as well. We currently use a self signed cert for the Exchange 2003 (same server is the CA) I need to create a game plan for implementing a SAN/UCC cert with the needed DNS names:
autodiscover.mycompany.com
mail.mycompany.com
legacy.mycompany.com
and exch2010.mycompany.local?
I'm not sure on the last one.
I'm being asked to create a self signed SAN from the PDC/CA for use with both servers. As I understand it I can generate a SAN request from Exch 2010, fulfill the request from the 2003 server CA. Import it back to Exch 2010, export it and import it into Exch 2003.
Please correct the above logic if I'm wrong.
Assuming the plan is sound, will I have problems with the certs when the PDC is retired along with the Certificate Authority installed on it? or will the certs work fine until they expire? I'm learning ssl better but don't know the impact of retiring this PDC.
I will do everything in my power to have my manager just spring for the public CA cert in the mean time.
autodiscover.mycompany.com
mail.mycompany.com
legacy.mycompany.com
and exch2010.mycompany.local?
I'm not sure on the last one.
I'm being asked to create a self signed SAN from the PDC/CA for use with both servers. As I understand it I can generate a SAN request from Exch 2010, fulfill the request from the 2003 server CA. Import it back to Exch 2010, export it and import it into Exch 2003.
Please correct the above logic if I'm wrong.
Assuming the plan is sound, will I have problems with the certs when the PDC is retired along with the Certificate Authority installed on it? or will the certs work fine until they expire? I'm learning ssl better but don't know the impact of retiring this PDC.
I will do everything in my power to have my manager just spring for the public CA cert in the mean time.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I have a guide to the entire process on my web site here: http://semb.ee/ssl
The GoDaddy certificates work wll: http://semb.ee/certs
However as long as you follow their instructions on putting in the intemediate certificate, have the DNS set correctly and then follow my guide, you should be fine.
Simon.
The GoDaddy certificates work wll: http://semb.ee/certs
However as long as you follow their instructions on putting in the intemediate certificate, have the DNS set correctly and then follow my guide, you should be fine.
Simon.
ASKER
Can you give me a link to good SAN/UCC cert vendor that is inexpensive and works well with Exchange? I've done some reading and see that some certs need additional hand holding to get them imported (GoDaddy).
Thanks