Solved

Exchange 2010 UCC Cert Question - Need additional domain

Posted on 2014-04-16
Last Modified: 2014-04-20
Greetings, we have a UCC cert for our domain with 5 Subject Alternative Names.

I have one more authorized domain to add. Can I just purchase a single site cert and assign it to the same services as the UCC, or do I need to replace the 5 UCC with a 10 UCC?

Exchange 2010 SP2 RU4

Thanks much.
-Stephen
Question by:lapavoni

Expert Comment

by:Simon Butler (Sembee)
First - Exchange 2010 SP2 is no longer supported - support ended last week, so you need to upgrade to Exchange 2010 SP3.

As for the SSL certificate, it depends what you are going to use it for. If it is for web services then you will need a new certificate, because you cannot have two certificates for web services on the same machine.

However if you have internal names on the certificate, then you should look to move away from that configuration. Any certificate that expires after November 2015 cannot have internal or NETBIOS only names on it, only public FQDN will be allowed.

Simon.

Author Comment

by:lapavoni
OK, this is for web services and we do indeed have internal names on the cert. I inherited the current setup. Are internal names on there because the company used self-signed certs in the past? Why would an internal name on a cert still be necessary?

Thanks for the info about support. Microsoft's product lifecycle support is a bit confusing. They say mainstream business support lasts 5 years from release date or 2 years after successor release date. I don't think Exchange 2013 has been out since 4/12, right? But they do list 4/8 as a hard date for support for SP2.

Thanks much for the valuable information.
-Stephen

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
The product is supported for five years, but you have to keep the server up to date. You cannot hang around on an old revision for ages because you simply do not get updates for it.

Therefore Exchange 2010 is fully supported until 2015, but ONLY if you are on the latest service pack.

The internal names on the SSL certificate were the previous best practice for SSL with Exchange 2010; it was because Exchange used the internal names as well as the external names. This is most clearly seen on Autodiscover: the value of

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

is the server's real FQDN by default.

Now we would change it to match the common name on the SSL certificate, with a split DNS used to ensure it resolves correctly, so that the internal name isn't used anywhere other than perhaps on the RPC CAS Array.

Simon.
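
The check described in the answer above, as an added example that is not part of the original thread: it lists the names on the certificate enabled for IIS and tests every Autodiscover and virtual directory host name against them. The function names Test-InternalName and Test-NameOnCert and the rule used to flag an internal name are assumptions made for this illustration.

```powershell
# Read-only audit for the Exchange Management Shell (Exchange 2010, PowerShell 2.0).
# Assumption: a name counts as "internal" if it has no dot or ends in .local
# (heuristic only; extend the pattern for your own AD DNS suffix).
function Test-InternalName([string]$Name) {
    $n = $Name -replace '^\*\.', ''
    return ($n -notmatch '\.') -or ($n -match '\.local$')
}

# True if $HostName is covered by a certificate name (exact or one-label wildcard).
function Test-NameOnCert([string]$HostName, [string[]]$CertNames) {
    foreach ($c in $CertNames) {
        if ($c -ieq $HostName) { return $true }
        if ($c.StartsWith('*.') -and $HostName -match '^[^.]+\.(.+)$' -and
            $Matches[1] -ieq $c.Substring(2)) { return $true }
    }
    return $false
}

# The certificate currently enabled for IIS (web services); newest first if several match.
$cert = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
$certNames = @($cert.CertificateDomains | ForEach-Object { "$_" })

Write-Host "Names on certificate $($cert.Thumbprint), expires $($cert.NotAfter):"
$certNames | ForEach-Object {
    New-Object PSObject -Property @{ Name = $_; InternalOnly = (Test-InternalName $_) }
} | Format-Table Name, InternalOnly -AutoSize

# Collect the URLs Exchange hands to clients, starting with the Autodiscover SCP value.
$urls = @(Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri })
foreach ($cmd in 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
                 'Get-WebServicesVirtualDirectory', 'Get-ActiveSyncVirtualDirectory',
                 'Get-OabVirtualDirectory') {
    $urls += @(& $cmd | ForEach-Object { $_.InternalUrl; $_.ExternalUrl })
}

# Reduce to unique host names (skipping unset URLs) and compare with the certificate.
Write-Host "Host names in use by Autodiscover and the virtual directories:"
$urls | Where-Object { $_ } | ForEach-Object { ([uri]"$_").Host } |
    Sort-Object -Unique | ForEach-Object {
        New-Object PSObject -Property @{
            Host          = $_
            OnCertificate = (Test-NameOnCert $_ $certNames)
            InternalOnly  = (Test-InternalName $_)
        }
    } | Format-Table Host, OnCertificate, InternalOnly -AutoSize
```

A host reported with OnCertificate False is one clients will get a name mismatch on; a host or certificate name reported with InternalOnly True is one to move to a public FQDN with split DNS before the certificate is replaced.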

Author Closing Comment

by:lapavoni
Outstanding information. Thank you much.