Hi!

We have migrated our Exchange 2003 to 2010. As per http://www.petenetlive.com/KB/Article/0000264.htm we can export the certificate from Exchange 2003 and import it in 2010 but is it really possible as the internal name of Exchange 2003 is different then 2010 and included as a SAN in the certificate. What is the proper way move the certificate. Should we generate a new CSR in Exchange 2010 and buy a new certificate.

Secondly, while generating a new CSR there is an option for legacy.domain.com. Should we include this in the new CSR. We need to decommission Exchange 2003.

Thanks.

• Edited by create_share Friday, April 04, 2014 8:44 PM

Hi, if you cannot move all your mailboxes at the same time meaning that there will be a need for coexistence you definitely need to have the legacy Exchange2003URL in the certificate. 

Meantime it does not have to be legacy.domain.com it could be any URL you want. (i.e. abc.domain.com)

CK

Hi, if you cannot move all your mailboxes at the same time meaning that there will be a need for coexistence you definitely need to have the legacy Exchange2003URL in the certificate. 

Meantime it does not have to be legacy.domain.com it could be any URL you want. (i.e. abc.domain.com)

CK

• Proposed as answer by CanKILIC 2 hours 36 minutes ago

When you say that "you have migrated" to Exchange 2010 and you still have Exchange 2003, I guess, you mean that you are in the middle of the upgrade process and you haven't decommissioned yet the legacy server.

Have you configured URL, performed the Switchover, moved Mailboxes and Public Folders etc?

Generally, you need to choose a "Quick Upgrade" or "Coexistence" scenario. If you are confident that you can complete the upgrade during the weekend and decommission the legacy Exchange, you can skip the use of the legacy namespace. Still, it is recommended to use a trusted Multiple Domain certificate with Exchange 2010. Alternatively, you can export and use the existing single domain certificate from Exchange 2003, but this will require configuring a PinPoint DNS zone on the local network and a SRV record in the external DNS zone, plus the remote Outlook Anywhere users will get an annoying redirection popup warning. If you have just a handful of remote users, that might work, but otherwise - just buy a UCC (the GoDaddy one is about $70USD with a coupon).

The coexistence scenario is suitable when you need to move a lot of resources and the upgrade will span a considerable amount of time.

                                                                   

Step by Step Screencasts and Video Tutorials

• Edited by NetoMeter Screencasts 3 hours 4 minutes ago

Already re-keyed and installed the certificate for Exchange 2010. Working fine now and will decommission 2003 soon.

Thanks.

When you say that "you have migrated" to Exchange 2010 and you still have Exchange 2003, I guess, you mean that you are in the middle of the upgrade process and you haven't decommissioned yet the legacy server.

Have you configured URL, performed the Switchover, moved Mailboxes and Public Folders etc?

Generally, you need to choose a "Quick Upgrade" or "Coexistence" scenario. If you are confident that you can complete the upgrade during the weekend and decommission the legacy Exchange, you can skip the use of the legacy namespace. Still, it is recommended to use a trusted Multiple Domain certificate with Exchange 2010. Alternatively, you can export and use the existing single domain certificate from Exchange 2003, but this will require configuring a PinPoint DNS zone on the local network and a SRV record in the external DNS zone, plus the remote Outlook Anywhere users will get an annoying redirection popup warning. If you have just a handful of remote users, that might work, but otherwise - just buy a UCC (the GoDaddy one is about $70USD with a coupon).

The coexistence scenario is suitable when you need to move a lot of resources and the upgrade will span a considerable amount of time.

                                                                   

Step by Step Screencasts and Video Tutorials

• Edited by NetoMeter Screencasts Sunday, April 06, 2014 7:53 AM