locked
Renew exchange 2010 certification (Remove extra DNS names from SAN certificate) RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    All,

    We're using SAN cert at exchange and it is due to renew. However, there are few DNS name in the certificate which we don't need now. Shall we generate new CSR with all the required DNS names or Renew the existing one (Does renewal gives the option to remove existing DNS names)?

    Thanks,

    Vik

    Wednesday, August 21, 2013 6:31 AM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Vik

    You will need to generate a new CSR with only the names you need on it.  You may not know that you will not be able to include and names with .local, .internal etc. anymore so those will have to come off if you have any.

    Steve

    • Marked as answer by VikExchadmin Wednesday, August 21, 2013 8:03 AM
    Wednesday, August 21, 2013 6:46 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Vik

    You will need to generate a new CSR with only the names you need on it.  You may not know that you will not be able to include and names with .local, .internal etc. anymore so those will have to come off if you have any.

    Steve

    • Marked as answer by VikExchadmin Wednesday, August 21, 2013 8:03 AM
    Wednesday, August 21, 2013 6:46 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thanks Steve and I appreciate giving additional info about the cert.

    And does it matters to choose specific CAS server to generate CSR or any of the CAS server is fine?

    We've 3 CAS servers. The steps should be:

    Generate CSR

    Get Cert and complete CSR

    Export Cert and import on rest of the CAS servers.

    Is this correct?

    Wednesday, August 21, 2013 6:56 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Yes you can use any CAS server and those steps are correct.

    Steve

    Wednesday, August 21, 2013 7:02 AM