I have totally replaced an expired GoDaddy certificate, but I have a mix of clients on the site. A lot of OWA shortcuts can be replaced centrally, but I have a lot that can't.
Our internal domain is different to our email domain name (.local and .org).
Most clients connect to OWA using https://local-exchange-server/owa from their domain desktops and are authenticated using Windows Integrated Authentication.
With the new 3rd-party certificate rules for dropping local server names, these shortcuts are now showing certificate errors, as you'd expect.
If I point the clients to the new certificate's SAN addresses, they need to authenticate (as you'd expect!).
Firstly, can I just add a self-signed cert on Exchange and trust it using a GPO, or will this interfere with the 3rd-party cert I've installed?
What is the best way to enable Windows Integrated Authentication for desktop users using the new cert's SAN names like https://mail.exchange.com?
I seem to have a mess with certificates - 7 certs are currently visible through the PowerShell Get-ExchangeCertificate command, although some are expired.
I can provide the list if someone cares to help?
Can I just delete those expired ones?
Appreciate any help here as I'm struggling. The more I read, the more confused I become!