Solved

Exchange 2010 UCC Cert Question - Need additional domain

Posted on 2014-04-16
4
379 Views
Last Modified: 2014-04-20
Greetings, we have a UCC cert for our domain with 5 Subject Alternative Names.

I have one more authorized domain to add.  Can I just purchase a single site cert and assign it to the same services as the UCC or do I need to replace the 5 UCC with a 10 UCC ?

Exchange 2010 SP2 RU4

Thanks much.
-Stephen
0
Comment
Question by:lapavoni
  • 2
  • 2
4 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40005971
First - Exchange 2010 SP2 is no longer supported - support ended last week, so you need to upgrade to Exchange 2010 SP3.

As for the SSL certificate, it depends what you are going to use it for. If it is for web services then you will need a new certificate, because you cannot have two certificates for web services on the same machine.

However if you have internal names on the certificate, then you should look to move away from that configuration. Any certificate that expires after November 2015 cannot have internal or NETBIOS only names on it, only public FQDN will be allowed.

Simon.
0
 

Author Comment

by:lapavoni
ID: 40006690
OK, this is for web services and we do indeed have internal names on the cert.  I inherited the current setup. Are internal names on there because the company used self-signed certs in the past ?  Why would an internal name on a cert still be necessary ?

Thanks for the info about support. Microsoft's product lifecycle support is a bit confusing. They say mainstream business support lasts 5 years from release date or 2 years after successor release date.  I don't think Exchange 2013 has been out since 4/12, right ? But they do list 4/8 as a hard date for support for SP2.

Thanks much for the valuable information.
-Stephen
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40006799
The product is supported for five years, but you have to keep the server up to date. You cannot hang around on an old revision for ages because you simply do not get updates for it.

Therefore Exchange 2010 is fully supported until 2015, but ONLY if you are on the latest service pack.

The internal names on the SSL certificate was the previous best practise for SSL with Exchange 2010, it was because Exchange used the internal names as well as the external names. This is most clearly seen on Autodiscover, the value of

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

is the server's real FQDN by default,

Now we would change it to match the common name on the SSL certificate, with a split DNS used to ensure it resolves correctly, so that the internal name isn't used anywhere other than perhaps on the RPC CAS Array.

Simon.
0
 

Author Closing Comment

by:lapavoni
ID: 40011619
Outstanding information. Thank you much.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question