locked
Renew exchange 2010 certification (Remove extra DNS names from SAN certificate) RRS feed

  • Question

  • All,

    We're using SAN cert at exchange and it is due to renew. However, there are few DNS name in the certificate which we don't need now. Shall we generate new CSR with all the required DNS names or Renew the existing one (Does renewal gives the option to remove existing DNS names)?

    Thanks,

    Vik

    Wednesday, August 21, 2013 6:31 AM

Answers

  • Hi Vik

    You will need to generate a new CSR with only the names you need on it.  You may not know that you will not be able to include and names with .local, .internal etc. anymore so those will have to come off if you have any.

    Steve

    • Marked as answer by VikExchadmin Wednesday, August 21, 2013 8:03 AM
    Wednesday, August 21, 2013 6:46 AM

All replies

  • Hi Vik

    You will need to generate a new CSR with only the names you need on it.  You may not know that you will not be able to include and names with .local, .internal etc. anymore so those will have to come off if you have any.

    Steve

    • Marked as answer by VikExchadmin Wednesday, August 21, 2013 8:03 AM
    Wednesday, August 21, 2013 6:46 AM
  • Thanks Steve and I appreciate giving additional info about the cert.

    And does it matters to choose specific CAS server to generate CSR or any of the CAS server is fine?

    We've 3 CAS servers. The steps should be:

    Generate CSR

    Get Cert and complete CSR

    Export Cert and import on rest of the CAS servers.

    Is this correct?

    Wednesday, August 21, 2013 6:56 AM
  • Yes you can use any CAS server and those steps are correct.

    Steve

    Wednesday, August 21, 2013 7:02 AM