Exchange 2010 Certificates

Hi we currently have a Wildcard certificate.
We are going through a company merger, and have been requested to get a certificate which supports two levels of subdomain.  Ie.
our currently wildcard certificate covers *.domain.com
we are requested to get a SAN cert which will cover: autodiscover.exchange.domain.com
our cert vendor is Thwate.
Question is, once we get this cert - what will we have to do so all of our Outlook Clients (2010/2013) will connect using the new cert and not get prompted with any security dialog box warnings?

Hope that makes sense


Thanks,
nutekconsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
You will need to configure your virtual directories with the new name. Also for simplicity you will also want to configure your Internal and External virtual directories the same. This requires Split DNS to be configured.

I have created HowTo's for all of these steps required.

Configure Split DNS and virtual directories (this is specifically for Exchange 2013 but all of the same steps apply for Exchange 2010)
http://www.wsit.ca/how-tos/exchange-server-2/configure-split-dns-and-exchange-2013-virtual-directories/

Enable Exchange Certificates (this also is specifically for Ex2013 however go down to Enable Exchange Certificate in Exchagne Management Shell)
http://www.wsit.ca/how-tos/exchange-server-2/exchange-2013-certificate-generation-csr-import-enable-exchange-certificate/

Will.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

As mentioned you're using a SAN certificate you need to set the mail.example.com pointing to this certificate. Along with that you have to assign the services to the new certificate. Refer the below link. You may need to add the fqdn of autodiscover, pop, IMAP, active-sync & web services in SAN certificate

https://technet.microsoft.com/en-us/library/dd351257(v=exchg.141).aspx

Thanks
Manikandan
Prabhat KumarCommented:
Hi,

You need to be very careful before generating certificate request. Please go through below URL, explaining all the required details.

https://www.digicert.com/util/csr-creation-microsoft-servers-using-digicert-utility.htm
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.