
Exchange 2010 UCC Cert Question - Need additional domain

Greetings, we have a UCC cert for our domain with 5 Subject Alternative Names.

I have one more authorized domain to add. Can I just purchase a single site cert and assign it to the same services as the UCC, or do I need to replace the 5 UCC with a 10 UCC?

Exchange 2010 SP2 RU4

Thanks much.
-Stephen
 
Simon Butler (Sembee), Consultant, commented:
First - Exchange 2010 SP2 is no longer supported - support ended last week, so you need to upgrade to Exchange 2010 SP3.

As for the SSL certificate, it depends what you are going to use it for. If it is for web services then you will need a new certificate, because you cannot have two certificates for web services on the same machine.

However, if you have internal names on the certificate, then you should look to move away from that configuration. Any certificate that expires after November 2015 cannot have internal or NetBIOS-only names on it; only public FQDNs will be allowed.

Simon.
 
lapavoni (Author) commented:
OK, this is for web services and we do indeed have internal names on the cert. I inherited the current setup. Are internal names on there because the company used self-signed certs in the past? Why would an internal name on a cert still be necessary?

Thanks for the info about support. Microsoft's product lifecycle support is a bit confusing. They say mainstream business support lasts 5 years from release date or 2 years after successor release date. I don't think Exchange 2013 has been out since 4/12, right? But they do list 4/8 as a hard date for support for SP2.

Thanks much for the valuable information.
-Stephen
 
Simon Butler (Sembee), Consultant, commented:
The product is supported for five years, but you have to keep the server up to date. You cannot hang around on an old revision for ages because you simply do not get updates for it.

Therefore Exchange 2010 is fully supported until 2015, but ONLY if you are on the latest service pack.

The internal names on the SSL certificate were the previous best practice for SSL with Exchange 2010; it was because Exchange used the internal names as well as the external names. This is most clearly seen on Autodiscover: the value of

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

is the server's real FQDN by default.

Now we would change it to match the common name on the SSL certificate, with a split DNS used to ensure it resolves correctly, so that the internal name isn't used anywhere other than perhaps on the RPC CAS Array.

Simon.
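The check discussed in the answers above, as an added example that is not part of the original thread: it flags the names on a certificate that are internal or NetBIOS-only and shows whether the Autodiscover internal URI still depends on one of them. The function names, the private-suffix list and all host names are assumptions constructed for illustration.

```powershell
# Added example. Host names are constructed sample data, not values from the thread.
# In the Exchange Management Shell the real inputs come from:
#   Get-ExchangeCertificate | Select Thumbprint, NotAfter, CertificateDomains
#   Get-ClientAccessServer  | Select Identity, AutoDiscoverServiceInternalUri

function Test-InternalName {
    param([Parameter(Mandatory=$true)][string]$Name)
    $n = $Name.Trim().TrimEnd('.').ToLowerInvariant()
    if ($n.StartsWith('*.')) { $n = $n.Substring(2) }    # wildcard: judge the parent domain
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($n, [ref]$ip)) { return $true }  # IP, not an FQDN
    if ($n -notmatch '\.') { return $true }              # single label, NetBIOS-style
    # Assumption: suffixes often used for private namespaces; extend for your environment.
    $privateSuffixes = 'local', 'internal', 'lan', 'corp', 'home', 'localdomain'
    return ($privateSuffixes -contains ($n.Split('.')[-1]))
}

function Get-CertNameReport {
    param([string[]]$CertificateDomains, [string]$AutodiscoverInternalUri)
    $scpHost = ([System.Uri]$AutodiscoverInternalUri).Host
    foreach ($d in $CertificateDomains) {
        New-Object PSObject -Property @{
            Name               = $d
            Internal           = (Test-InternalName $d)
            UsedByAutodiscover = ($d -eq $scpHost)
        } | Select-Object Name, Internal, UsedByAutodiscover
    }
}

# Constructed sample: a 5-name UCC certificate and a default-style internal URI.
$sanNames = 'mail.example.com', 'autodiscover.example.com', 'legacy.example.com',
            'EXCH01', 'exch01.example.local'
$scpUri   = 'https://exch01.example.local/Autodiscover/Autodiscover.xml'

$report = Get-CertNameReport -CertificateDomains $sanNames -AutodiscoverInternalUri $scpUri
$report | Format-Table -AutoSize

# Names that must come off before the certificate can be reissued with public FQDNs only.
$blocking = @($report | Where-Object { $_.Internal })
"{0} internal name(s): {1}" -f $blocking.Count, (($blocking | ForEach-Object { $_.Name }) -join ', ')
if ($blocking | Where-Object { $_.UsedByAutodiscover }) {
    "Autodiscover internal URI still uses an internal name; repoint it at a public name on the certificate and resolve that name internally with split DNS."
}
```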
 
lapavoni (Author) commented:
Outstanding information. Thank you much.