I have a 3rd party cert used in Exchange 2010 that uses an internal name exch.domain.local. I can't renew this cert because of the new cert requirements. I have found the steps to run in powershell (https://support.microsoft.com/en-us/kb/940726?wa=wsignin1.0
), but I have some questions.
1. The third party company will exclude the internal url, but the notes say it can't be excluded. So does this mean I need to create a totally new cert, or will the 'renew cert' work?
2. The current cert is SHA-1, do I need a totally new cert to go to SHA-2, or can the 'renew cert' be upgraded SHA-2?
3. Instead of using Powershell, can the modifications be made in EMC?
4. Do the powershell commands change the 'Specify the FQDN the connector will provide in response to HELO or EHLO.', or do I do that manually in EMC?
5. Should our public url have a reverse lookup PTR in DNS?