Certificate Testing Senario - need advise

[onsetcomp]

I have purchased a "real" certificate from Digicert for my exchange 2007 server. Is there a way for me to install this and test it for both Outlook 2007 / OWA... and if it fails how can I revert back to my home-grown currently working cert (that will expire in 2 weeks)?

I'm really worried that the purchased cert isn't going to work as planned and need a way to safely go back to the original without everyone at work freaking out.

Related question which caused me to have to buy a real cert: My home-grown cert was created with a 10 year expiration but shows 10 years on one part of the cert and only 1 year on another. Do certs need to be recreated every year?

 

[Zelandakh]

Self certs are fine for both Outlook 2007 and OWA. OWA will give you a "Click to continue" but users soon get used to it.

Just install the cert and if it goes wrong, the worst that will happen is that they'll have to click to continue on a different cert.

If the internal FQDN is different from the external FQDN you'll get an error on one side or the other unless you bought a certificate with SAN (subject alternative name) or a wild card cert.

 

[onsetcomp]

What doesn't make sense to me is that the existing cert has two levels, one expired after a year and the other is 10 years. I didn't create it like that with MS.

If the existing one is left alone and does expire, does anything stop working or do warnings just pop up?

 

[Zelandakh]

I think (but could be wrong) that the 10 years is internal only and the 1 year is public that auto renews as public certs have a max life of 2 years.

If the internal one expires nothing major will go wrong and if need be you can reinstall it.

To be safe, export the cert from the cert auth.