Secnario: Transitioning from Exchange 2003 to 2013 via a stop over at 2010. When installing 2010, the requirement for a SAN certificate is presented along with a nice little wizzard to generate names to be included in the certificate.
The CA that I am required to use has multiple options for certificate requests, including the option to request a SAN certificate, which is a different "process" or (for all practical purposes) a differnt URL link from requesting a single name cert. When making the SAN request to the CA, it is at this point that I would add the additional names needed on the certificate to the single name cert. I am concerned that if I follow the wizzard from within Exchange 2010 that it will include a bunch of names in the certificate request that i will once again include when making the final request to the CA. In the end I would expect to see each name listed twice, which is probably not good.
I should note this: I am not confident that if I followed the wizzard within Exchange, generate a SAN cert with all those names, but submit it via the "single name" process that the CA will actually accept it.
My question...can i simply generate a certificate request from within the Certificates MMC including only the machine's FQDN, then, make the request with that file, adding the additional names i'll need (like owa.mydomain.com) at request time, then complete the request by importing the cert via the Certificates MMC, then assign the cert in Exchange later? Or does the entire process have to be done from within the Exchange Managment Console?
Thanks for the assistance!
Chris R