
would selection be the same for cert for exch 2013 coming from 2007

vmich asked
Upgrading exch from 2007 to 2013 and was wondering if my names would all be the same for the 2013 as we had on the 2007 server?
We are keeping the outside urls the same for the 2013 as they were on the 2007.
So I have 6 names now on the 2007 and was wondering if the 2013 would be the same number?

Head of IT & Digital

1st : If your exc 2013 server has a different computer name you would need to request a new SSL certificate from your CA.

2nd : you would need to change your internal DNS records for mail.domain.local to point to the new exchange and you would need to create a new record legacy.domain.local to point to the old exchange.

Migrating from 2007 to 2013 is a process that has to be done properly. There are a number of prerequisites that you have to have in place.

Please see : https://technet.microsoft.com/en-us/library/jj898581(v=exchg.150).aspx


Yes I know of the migration process and we have both servers 2007 and 2013 running but we are migrating all of the emails at one time so we are not going to have both up and running together for more than 1 day.
I guess I just need to know 1, which name do I select for the common name on the 2013 when generating the cert request and 2, we had 1 email domain name and now added a second one which is the main email domain but we still have both, in case users still send to the old name, so do I need to add both names to the cert for autodiscover?
Leroy Luff, Head of IT & Digital

1. Common name would be your external DNS record name, i.e. mail.domain.com

2. This should have nothing to do with the certificate - You do not need autodiscover to deliver mails for the old domain. As long as the old domain name MX record is pointing to the Common name and is set as accepted domain in exchange 2013 you should be good.
Most Valuable Expert 2014
"If your exc 2013 server has a different computer name you would need to request a new SSL certificate from your CA."

Disagree there.
It is no longer best practise to have any internal names on the SSL certificate. This is because you can no longer put internal only or NETBIOS names on public SSL certificates.

What you do about host names depends on the migration method you are using.
If you are going "big bang" (so everyone is on Exchange 2007 on Friday, come Monday they are all on 2013) then use the same host names.
However if you are going down an extended coexistence period (anything more than a day or two) then you need to have unique host names for both versions. That would usually be your existing names for Exchange 2013 and a legacy host name for Exchange 2007.

If you configure the two environments with the same host names then things will not work correctly.



Yes we are migrating all at once from 2007 to 2013 in the same day.
So should I just go with the names that are seen by the 2013 from the 2007, basically the same ones that were on the cert for 2007?
Most Valuable Expert 2014

If, and it is a big if, users are not going to be allowed to connect during the coexistence period, then you can use the same certificate with the same names. Use the same external name internally via split DNS (so eliminating the use of the server's real name).

If you aren't limiting users' access then they will be unable to get access because you will have a confused Exchange environment and clients. The URLs set on the server are used by Autodiscover and Exchange to route the clients to the correct server. If both servers are set the same then you will have clients on the "wrong" server (i.e. the one which the DNS is NOT pointing to) unable to connect.
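
An added example, not part of the thread: a Python pre-flight check of a planned certificate name list against two points made in the answers above, namely that internal-only or NetBIOS names can no longer go on a public certificate, and that with split DNS the server URLs use the external name rather than the server's real name. All host names, URL sets and function names are constructed placeholders.

```python
# Added example, not code from the thread. All host names are constructed.
from urllib.parse import urlparse

def is_internal_only(name):
    """Single-label (NetBIOS) or .local names, which public CAs no longer issue."""
    labels = name.lower().rstrip(".").split(".")
    return len(labels) == 1 or labels[-1] == "local"

def san_covers(host, san_names):
    """Exact match, or a wildcard SAN standing in for exactly one left-most label."""
    host = host.lower()
    parent = host.split(".", 1)[1] if "." in host else None
    return any(s.lower() == host or (s.startswith("*.") and s[2:].lower() == parent)
               for s in san_names)

def check_cert_plan(san_names, service_urls):
    """Return (internal-only names on the request, URL hosts the names do not cover)."""
    internal = sorted(n for n in san_names if is_internal_only(n))
    hosts = {urlparse(u).hostname for u in service_urls.values()}
    uncovered = sorted(h for h in hosts if not san_covers(h, san_names))
    return internal, uncovered

# Constructed name lists: an older-style request that still carries server names,
# and a plan that carries only the external names.
OLD_STYLE_SANS = ["mail.domain.com", "autodiscover.domain.com",
                  "EXCH07", "exch07.domain.local"]
PLAN_SANS = ["mail.domain.com", "autodiscover.domain.com"]

# Constructed URL sets: split DNS (same name inside and outside) versus one
# internal URL left on the server's real name.
URLS_SPLIT_DNS = {
    "owa_internal": "https://mail.domain.com/owa",
    "owa_external": "https://mail.domain.com/owa",
    "ews_internal": "https://mail.domain.com/EWS/Exchange.asmx",
    "autodiscover_internal": "https://autodiscover.domain.com/Autodiscover/Autodiscover.xml",
}
URLS_SERVER_NAME = dict(URLS_SPLIT_DNS, owa_internal="https://exch13.domain.local/owa")

if __name__ == "__main__":
    for label, sans, urls in [("old-style names", OLD_STYLE_SANS, URLS_SPLIT_DNS),
                              ("plan + split DNS", PLAN_SANS, URLS_SPLIT_DNS),
                              ("plan + server-name URL", PLAN_SANS, URLS_SERVER_NAME)]:
        internal, uncovered = check_cert_plan(sans, urls)
        print(f"{label}: internal-only={internal} uncovered={uncovered}")
```

An empty result on both sides means the request carries only publicly issuable names and every configured URL host matches one of them; a non-empty second list is a host that clients would hit with a certificate name mismatch.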


