Exchange 2010 Certificates

I have a 3rd party cert used in Exchange 2010 that uses an internal name exch.domain.local. I can't renew this cert because of the new cert requirements. I have found the steps to run in PowerShell (https://support.microsoft.com/en-us/kb/940726?wa=wsignin1.0), but I have some questions.

1. The third party company will exclude the internal url, but the notes say it can't be excluded. So does this mean I need to create a totally new cert, or will the 'renew cert' work?

2. The current cert is SHA-1, do I need a totally new cert to go to SHA-2, or can the 'renew cert' be upgraded SHA-2?

3. Instead of using PowerShell, can the modifications be made in EMC?

4. Do the PowerShell commands change the 'Specify the FQDN the connector will provide in response to HELO or EHLO.', or do I do that manually in EMC?

5. Should our public url have a reverse lookup PTR in DNS?
Asked by: imccoy

Scott C, Senior Systems Engineer, commented:
1.  You are better off just getting a new cert.

2.  Again, get a new cert.

3.  Yes, you can import a cert using the EMC, but the PowerShell commands are very easy to use.

4.  You should be able to do it either way.

5.  I believe so.
MAS (MVE), EE Solution Guide, commented:
1. The third party company will exclude the internal url, but the notes say it can't be excluded. So does this mean I need to create a totally new cert, or will the 'renew cert' work?
Both (renew and new) will work. Use this to get the command

2. The current cert is SHA-1, do I need a totally new cert to go to SHA-2, or can the 'renew cert' be upgraded SHA-2?
By default it will be SHA-2

3. Instead of using PowerShell, can the modifications be made in EMC?
EWS and Autodiscover should be done from EMS. Check this

4. Do the PowerShell commands change the 'Specify the FQDN the connector will provide in response to HELO or EHLO.', or do I do that manually in EMC?
It will function as usual. No need to do any change in receive connector.

5. Should our public url have a reverse lookup PTR in DNS?
You are supposed to have a PTR for your external name/IP.

Please follow this article
http://www.experts-exchange.com/articles/13676/Out-Of-office-not-working.html
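Added example, not part of either answer above and not taken from the linked KB article: one way to check what the current certificate contains, repoint the internal URLs at the public name, and request a new certificate that lists only public names. The server name EXCH01, the names mail.example.com and autodiscover.example.com, and the file paths are assumed placeholders.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Assumed placeholders: EXCH01 (server name), mail.example.com and
# autodiscover.example.com (public names), C:\Certs\ (working folder).
$Server     = 'EXCH01'
$PublicName = 'mail.example.com'

# 1. Inventory the current certificates: names, expiry, bound services.
Get-ExchangeCertificate -Server $Server |
    Format-List Thumbprint, Subject, CertificateDomains, NotAfter, Services

# Signature algorithm (sha1RSA vs sha256RSA) read from the local machine store.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Subject, NotAfter,
        @{ Name = 'SignatureAlgorithm'; Expression = { $_.SignatureAlgorithm.FriendlyName } }

# 2. Point the internal URLs at the public name so internal clients stop
#    requesting exch.domain.local. Internal DNS must resolve $PublicName
#    to the Exchange server for this to work.
Set-ClientAccessServer -Identity $Server `
    -AutodiscoverServiceInternalUri "https://$PublicName/autodiscover/autodiscover.xml"
Set-WebServicesVirtualDirectory -Identity "$Server\EWS (Default Web Site)" `
    -InternalUrl "https://$PublicName/ews/exchange.asmx"
Set-OABVirtualDirectory -Identity "$Server\OAB (Default Web Site)" `
    -InternalUrl "https://$PublicName/oab"

# 3. Generate a new request that lists only public names, then submit the
#    .req file to the CA and ask for a SHA-2 signed certificate.
$Request = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "CN=$PublicName" `
    -DomainName $PublicName, 'autodiscover.example.com' `
    -KeySize 2048 -PrivateKeyExportable $true
Set-Content -Path 'C:\Certs\exch2010.req' -Value $Request

# 4. Once the CA has issued the certificate, import it and bind the services.
#    <THUMBPRINT> is a placeholder for the thumbprint of the issued certificate.
# Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path 'C:\Certs\exch2010.cer' -Encoding Byte -ReadCount 0))
# Enable-ExchangeCertificate -Thumbprint '<THUMBPRINT>' -Services 'IIS,SMTP'
```

Re-run step 1 after enabling the new certificate to confirm that CertificateDomains no longer contains the internal name and that the signature algorithm is the one you requested.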

imccoy (Author) commented:
Thanks for the info.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.