Will an Exchange 2010 self-signed certificate interfere with a third-party certificate?
Posted on 2014-09-15
Good morning! We recently had to renew our third-party SSL certificate for our Exchange 2010 system, and because of certificate authority changes not permitting local intranet names as SANs in SSL certificates (i.e., can't use ".local" in SANs anymore), we are now getting internal certificate warnings from our local, in-house Outlook 2010 clients when connecting to our CAS servers (certificate does not contain the name of the server being connected to). Our public OWA is working perfectly, as is all inbound and outbound email.
We have the renewed SSL certificate installed on all internal CAS servers, but I was concerned about installing a self-signed certificate on those same, operational CAS servers for the purpose of eliminating the Outlook client warnings. Will installing these self-signed certs side-by-side with a valid, operational 3rd party SSL cert cause any issues? What services do I assign to the new certificate *that won't interfere with the already-assigned services* on the 3rd party certificate? I've generated the CSR for the two internal CAS servers (intranet names only) for client access only, no internet services, but I don't want to mess up the current services.
Yes, I've read over the articles re: resetting the Virtual Directories and changes to DNS, but given our DAG configuration (different autodiscover servers for each site to eliminate WAN latency) I can't make those changes.
Any thoughts would be appreciated. Thanks!