Solved

Exchange 2010 UCC Cert Question - Need additional domain

Posted on 2014-04-16
4
382 Views
Last Modified: 2014-04-20
Greetings, we have a UCC cert for our domain with 5 Subject Alternative Names.

I have one more authorized domain to add.  Can I just purchase a single site cert and assign it to the same services as the UCC or do I need to replace the 5 UCC with a 10 UCC ?

Exchange 2010 SP2 RU4

Thanks much.
-Stephen
0
Comment
Question by:lapavoni
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40005971
First - Exchange 2010 SP2 is no longer supported - support ended last week, so you need to upgrade to Exchange 2010 SP3.

As for the SSL certificate, it depends what you are going to use it for. If it is for web services then you will need a new certificate, because you cannot have two certificates for web services on the same machine.

However if you have internal names on the certificate, then you should look to move away from that configuration. Any certificate that expires after November 2015 cannot have internal or NETBIOS only names on it, only public FQDN will be allowed.

Simon.
0
 

Author Comment

by:lapavoni
ID: 40006690
OK, this is for web services and we do indeed have internal names on the cert.  I inherited the current setup. Are internal names on there because the company used self-signed certs in the past ?  Why would an internal name on a cert still be necessary ?

Thanks for the info about support. Microsoft's product lifecycle support is a bit confusing. They say mainstream business support lasts 5 years from release date or 2 years after successor release date.  I don't think Exchange 2013 has been out since 4/12, right ? But they do list 4/8 as a hard date for support for SP2.

Thanks much for the valuable information.
-Stephen
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40006799
The product is supported for five years, but you have to keep the server up to date. You cannot hang around on an old revision for ages because you simply do not get updates for it.

Therefore Exchange 2010 is fully supported until 2015, but ONLY if you are on the latest service pack.

The internal names on the SSL certificate was the previous best practise for SSL with Exchange 2010, it was because Exchange used the internal names as well as the external names. This is most clearly seen on Autodiscover, the value of

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

is the server's real FQDN by default,

Now we would change it to match the common name on the SSL certificate, with a split DNS used to ensure it resolves correctly, so that the internal name isn't used anywhere other than perhaps on the RPC CAS Array.

Simon.
0
 

Author Closing Comment

by:lapavoni
ID: 40011619
Outstanding information. Thank you much.
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question