EXCHANGE 2010: SAN Certifcate with mutiple DNS names (private windows CA)


New-ExchangeCertificate -FriendlyName "Exchange 2010 multiple DNS" -IncludeServerFQDN -DomainName mail.*****.***,autodiscover.******.***,computername.*****.local,computername -GenerateRequest -PrivateKeyExportable $true

Copy the full code you receive including the —BEGIN… and —END… lines.
Open the sertificate services web interface.
http://serverdc/certsrv
-Request a certificate -> Advanced certificate request -> Submit a Certificate request by using …
Paste the code you received in the textbox, on the template dropdown select Web Server.
Click Submit.
On the next page click on Download Certificate.
Save the file on disk somewhere.
Go to Exchange console (GUI) – server Configuration – Hub transport – Exchange certificates.
Right click on the pending request and choose “Complete pending request”.
Select the file you saved to disk and finish the wizard.
When finished right click on the now completed certificate and choose “Assign services”.
Assign all services (except Unified messaing), choose YES to All for overwrite.
Delete all other certificates no longer needed.

Test your OWA and see what certificate is now being used.

Reference: http://exchangeserverpro.com/how-to-issue-a-san-certificate-to-exchange-server-2010-from-a-private-certificate-authority

Leave a Reply