disturbedone
Vendor
Our 2x E2K10SP3 CA servers have certificate with the names (changed for anonymity):
CN webmail.mydomain.com
SAN autodiscover.mydomain.com
SAN autodiscover.domain.local
SAN exca1.domain.local
SAN exca2.domain.local
SAN mail.mydomain.com
The certificate is going to expire in a few months. Entering the CSR on Thawte's website gives the message:
Where to from here?
Do I really need the .domain.local SANs? If I remove the .domain.local SANs will everything work? I'm dubious about removing them - they must've been put in for a reason. Or if I remove them do other changes need to be made elsewhere?
CN webmail.mydomain.com
SAN autodiscover.mydomain.com
SAN autodiscover.domain.local
SAN exca1.domain.local
SAN exca2.domain.local
SAN mail.mydomain.com
The certificate is going to expire in a few months. Entering the CSR on Thawte's website gives the message:
Due to new CA/Browser Forum changes, we no longer support internal server names or IP addresses for certificates that expire after November 1, 2015. Shorten your validity period or enter a fully qualified domain name to continue
Where to from here?
Do I really need the .domain.local SANs? If I remove the .domain.local SANs will everything work? I'm dubious about removing them - they must've been put in for a reason. Or if I remove them do other changes need to be made elsewhere?