Solved

Exchange 2010 UCC Cert Question - Need additional domain

Posted on 2014-04-16
Last Modified: 2014-04-20
Greetings, we have a UCC cert for our domain with 5 Subject Alternative Names.

I have one more authorized domain to add. Can I just purchase a single site cert and assign it to the same services as the UCC, or do I need to replace the 5 UCC with a 10 UCC?

Exchange 2010 SP2 RU4

Thanks much.
-Stephen
Question by:lapavoni
4 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40005971
First - Exchange 2010 SP2 is no longer supported - support ended last week, so you need to upgrade to Exchange 2010 SP3.

As for the SSL certificate, it depends what you are going to use it for. If it is for web services then you will need a new certificate, because you cannot have two certificates for web services on the same machine.

However if you have internal names on the certificate, then you should look to move away from that configuration. Any certificate that expires after November 2015 cannot have internal or NETBIOS only names on it, only public FQDN will be allowed.

Simon.
 

Author Comment

by:lapavoni
ID: 40006690
OK, this is for web services and we do indeed have internal names on the cert. I inherited the current setup. Are internal names on there because the company used self-signed certs in the past? Why would an internal name on a cert still be necessary?

Thanks for the info about support. Microsoft's product lifecycle support is a bit confusing. They say mainstream business support lasts 5 years from release date or 2 years after successor release date. I don't think Exchange 2013 has been out since 4/12, right? But they do list 4/8 as a hard date for support for SP2.

Thanks much for the valuable information.
-Stephen
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 40006799
The product is supported for five years, but you have to keep the server up to date. You cannot hang around on an old revision for ages because you simply do not get updates for it.

Therefore Exchange 2010 is fully supported until 2015, but ONLY if you are on the latest service pack.

The internal names on the SSL certificate were the previous best practice for SSL with Exchange 2010, because Exchange used the internal names as well as the external names. This is most clearly seen on Autodiscover; the value of

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

is the server's real FQDN by default.

Now we would change it to match the common name on the SSL certificate, with a split DNS used to ensure it resolves correctly, so that the internal name isn't used anywhere other than perhaps on the RPC CAS Array.

Simon.
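
An added example, not part of the original answer: a PowerShell check for the two things the answer describes, internal names on the certificate and an Autodiscover internal URI that still points at the server's real FQDN. The host names, the suffix list and the two helper functions are assumptions made for illustration.

```powershell
# Added example (not from the thread). Host names below are constructed.
# Assumption: this suffix list stands in for "internal" DNS namespaces; adjust it.
$InternalSuffixes = '.local', '.lan', '.internal', '.corp'

function Test-InternalName {
    param([string]$Name)
    $n = $Name.Trim().TrimEnd('.').ToLowerInvariant()
    if ($n -notmatch '\.') { return $true }        # single-label (NetBIOS-style) name
    foreach ($s in $InternalSuffixes) {
        if ($n.EndsWith($s)) { return $true }      # non-public DNS suffix
    }
    return $false
}

function Test-NameCovered {
    param([string]$HostName, [string[]]$CertNames)
    $dot = $HostName.IndexOf('.')
    foreach ($c in $CertNames) {
        if ($c -eq $HostName) { return $true }     # exact match, case-insensitive
        # A wildcard entry covers exactly one extra label to its left.
        if ($c.StartsWith('*.') -and $dot -gt 0 -and
            $HostName.Substring($dot) -eq $c.Substring(1)) { return $true }
    }
    return $false
}

# Constructed sample input. On the Exchange server these values come from
#   Get-ExchangeCertificate | Select-Object Thumbprint, Services, CertificateDomains
#   Get-ClientAccessServer | Select-Object Identity, AutoDiscoverServiceInternalUri
$certNames = 'mail.example.com', 'autodiscover.example.com', 'EXCH01', 'exch01.corp.local'
$casUris = @{ 'EXCH01' = 'https://exch01.corp.local/Autodiscover/Autodiscover.xml' }

foreach ($name in $certNames) {
    if (Test-InternalName $name) { "Certificate carries internal name '$name'" }
}
foreach ($server in $casUris.Keys) {
    $uriHost = ([uri]$casUris[$server]).Host
    if (Test-InternalName $uriHost) {
        "$server publishes Autodiscover on internal name '$uriHost'"
    } elseif (-not (Test-NameCovered $uriHost $certNames)) {
        "$server publishes Autodiscover on '$uriHost', which is not on the certificate"
    }
}
```

Names reported by the first loop are the ones that have to come off the replacement certificate. Servers reported by the second loop are the ones whose URI would be changed with Set-ClientAccessServer -AutoDiscoverServiceInternalUri to a public name on the certificate, with split DNS resolving that name internally.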
 

Author Closing Comment

by:lapavoni
ID: 40011619
Outstanding information. Thank you much.