hello there

we are planning to migrate from 2010 to 2013. we would like to use the exchange certificate in place on 2010 servers

so simple question : should i put fqdn and netbios names  of exchange 2013 in certificate ? in case not we can use exchange 2010 certificat :)

i have seen many companies doing that but i dont know why, especially when you use split DNS and internalurl = externalurl

thank

regards

hello there

we are planning to migrate from 2010 to 2013. we would like to use the exchange certificate in place on 2010 servers

so simple question : should i put fqdn and netbios names  of exchange 2013 in certificate ? in case not we can use exchange 2010 certificat :)

i have seen many companies doing that but i dont know why, especially when you use split DNS and internalurl = externalurl

thank

regards

All you need are the hostnames of the URLs that clients will connect to in the cert subject name fields.

Typically that is a load balanced URL hostname and not the specific server FQDN and not the NetBIOS name.

Hi zouzou,

Thank you for your question.

The Exchange just use FQDN in certificate. About NetBIOS, we could refer  to the bottom at the following link

https://technet.microsoft.com/en-us/library/bb663572%28v=office.12%29.aspx

If there are any questions regarding this issue, please be free to let me know.

Best Regard,

Jim

http://exchangeserverpro.com/exchange-server-2010-2013-migration-configuring-ssl-certificates/

1. Create new local DNS zone with Company.com and create just one host A record (Mail.company.com) that point to NLB VIP
2. Change all internal and external URLs to be Https://Mail.company.com/OWA, /ECP.... etc.
3. Change Exchange web services to be Https://Mail.company.com/EWS/Exchange.asmx
4. Change Autodiscover URLs and URI to be Https://mail.company.com/

you must have at least two SANs (Autodiscover.company.com and Mail.company.com)

hi all,

i do appreciate your contributions. thanks a lot

So, i Only care FQDN of exchange services in certificats such as mail.mycompany.com, autodiscover.mycompany.com; mail-internal.mycompany.com...

i dont mind 8 servers names such as :

FQDN : server1.mycompany.com, server2.mycompany.com... => i dont care

Netbios : server1, server2... => i dont care

Thanks

hi all,

i do appreciate your contributions. thanks a lot

So, i Only care FQDN of exchange services in certificats such as mail.mycompany.com, autodiscover.mycompany.com; mail-internal.mycompany.com...

i dont mind 8 servers names such as :

FQDN : server1.mycompany.com, server2.mycompany.com... => i dont care

Netbios : server1, server2... => i dont care

Thanks

Yes. You only care about FQDNs that clients will use to connect to the servers. If you want to connect directly to a specific server to test, you just ignore the cert mismatch error.

Hi ,

I agree with Andy.

By you said:

FQDN : server1.mycompany.com, server2.mycompany.com... => i dont care

Netbios : server1, server2... => i dont care

You should care FQDN.

If there are any questions regarding this issue, please be free to let me know.

Best Regard,

Jim

why should i care server FQDN ??

dont get me wrong, of course i do care FQDN of exchange services

FQDN of owa, FQDN of asyn, oab and and so on...

but i do not understand why i should i care of server1.mycompany.local, server2.mycompany.local...server8.mycompany.local

users wont deal with exchanges server FQDN only services provides by exchange servers right ? 

• Edited by zouzouf95 12 hours 14 minutes ago