We help IT Professionals succeed at work.

Need to remove domains from SSL SAN so can i renew the existing SSL certificate?

I had to remove two domains from the SAN list in our GoDaddy SSL certificate for our mail domain.  The question I have since I received the new verified certificate is can I create a CSR from a renewal request on the Exchange server even though it will be missing those two domains? Or do I have to create a completely new certificate request?  If so, what is the best way via PowerShell to get all the information to fill the new certificate?


(2) Exchange 2010 Servers in a DAG with Office 365 hybrid.
Comment
Watch Question

MASEE Solution Guide - Technical Dept Head
Most Valuable Expert 2017
Commented:
Create CSR command easily using this tool. Run the command in Exchange Shell. Add names required in the tool.
https://www.experts-exchange.com/articles/28662/Easy-CSR-creation-Exchange-2007-2010-and-2013.html
Paste CSR in Godaddy portal dont forget to check SANs added before clicking submit button.
Use the step 4 from below article and assign services.
https://www.experts-exchange.com/articles/29657/Exchange-2010-Fix-for-an-Invalid-certificate-and-related-issues.html
Network Security Engineer
Distinguished Expert 2018
Commented:
You need to redo it again,  Expedite a new CRS certificate from your exchange, add whatever domain such as

1- mail.mydomain.com
2- autodiscover.mydomain.com

Then, apply that cert to any exchange you have in your environment.
Joshua AnayaIT System Administrator

Author

Commented:
Amazing help thank you.