Adding a Subject Alternative Name to an Exchange certificate


We're running an Exchange 2010 environment with multiple SMTP domains which we have configured autodiscover for as well.

Now we have discovered that some of the autodiscover addresses have not been added as a SAN in the certificate, giving the users a warning when they configure profiles.

Is it possible to add more SAN / DNS names to an existing certificate and if so, how would I do it?

Best Answer

You would need to do a new SSL request with the additional names on it. Most SSL providers will allow you to do a rekey of the certificate for free, so it should just be a matter of repeating what you have already in the request, then adding the additional names.

Whether you can add more names is down to the SSL vendor - some charge per name, some have five, ten or more names allowed etc.

The other option would be to remove the from DNS (and you need to ensure that you don't have a wildcard in the DNS as well) and then switch to SRV or HTTP redirect for Autodiscover instead. Depends on how many more names you need to add. One or two, I would probably get a replacement certificate - fifteen or more, time for something else.
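
The replacement request described in the answer above, as an added example that is not part of the original answer: it compares the names on the certificate currently serving IIS with the autodiscover names you need and builds a new request containing both sets. The host names and the output path are constructed placeholders, and reusing the existing subject for the new request is an assumption.

```powershell
# Run in the Exchange Management Shell on the server that holds the certificate.
# Constructed sample names: replace with the autodiscover hosts of your SMTP domains.
$required = @(
    'autodiscover.example.com',
    'autodiscover.example.net',
    'autodiscover.example.org'
)

# The unexpired certificate enabled for IIS is the one Outlook sees during Autodiscover.
$current = Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $current) { throw 'No unexpired certificate is enabled for IIS.' }

# Names already on the certificate, normalised for comparison.
$present = @($current.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })
$missing = @($required | Where-Object { $present -notcontains $_.ToLower() })

if ($missing.Count -eq 0) {
    Write-Host "All required names are already on $($current.Thumbprint)."
}
else {
    Write-Host "Missing from the current certificate: $($missing -join ', ')"

    # A SAN list cannot be edited in place: the request must carry every
    # name the replacement certificate should hold, old and new.
    $allNames = @($present + $missing | Select-Object -Unique)

    # Assumption: the replacement keeps the subject of the current certificate.
    $request = New-ExchangeCertificate -GenerateRequest `
        -SubjectName $current.Subject `
        -DomainName $allNames `
        -PrivateKeyExportable $true

    # Constructed path; submit this file to the SSL vendor as the rekey request.
    Set-Content -Path 'C:\Temp\exchange-san.req' -Value $request
    Write-Host "Request written with $($allNames.Count) names."
}

# Once the vendor returns the certificate, complete the pending request with
# Import-ExchangeCertificate and bind it with Enable-ExchangeCertificate -Services IIS.
```

Keep the old certificate enabled until the new one is imported and tested, so clients are not left without a valid certificate during the swap.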