Hi,
I am not sure if this is the correct forum to post this question in.
Basically we are migrating from Exchange 2007 to Exchange 2013. Our 2013 machines have both roles installed and do everything. They are configured in a DAG. We have no hardware load balancing, reverse proxy, etc. inside or outside.
We use an alias of mail.domain.com to connect to OWA, ActiveSync, etc. from the Internet. This alias would point to mail1.domain.com, which is the IP of the first Exchange 2013 server.
If that server were to break, we would point the alias of mail.domain.com to mail2.domain.com which is the IP of the second Exchange 2013 server. Clients would not need any changes before they started connecting to the remaining mail server (eventually) and email would continue.
I know this is not an ideal setup, but for now it is what we have and would keep us running in the event of server failure.
My question is, when I request a certificate, do I need two of them with mail1.domain.com and mail2.domain.com as their primary and SAN of mail.domain.com, OR do I request one certificate with mail.domain.com as the primary host and SAN of mail1.domain.com and mail2.domain.com (and install the one certificate on both servers)?
I want to include mail1.domain.com and mail2.domain.com as this can be helpful for testing and/or during migration.
I hope that makes some sense and appreciate any help people can offer.
Thanks!