Exchange 2007 UCC Certificate

Recently I’ve been working with Exchange 2007 and the UCC certificates for SANs. The question no one seems to be able to answer to date is the following:

Exchange 2007 hosting for multiple companies. I need to be able to present each company with basically 2 different URLs specific to their company: Autodiscovery.domain1.com and Webmail.domain1.com. The next client is going to need autodiscovery.domain2.com and webmail.domain2.com. With Exchange PowerShell you can create the certificate and keep adding SANs, so I think it's possible.

Assuming the UCC certificate with multiple domain names is possible to configure, if I were to buy a UCC certificate with 10 domains and then needed 20 domains, do I need to throw away the 10 domain UCC cert, or can I upgrade to the 20 domain UCC certificate by resubmitting the info for the 20 domains?

Hi,

With any SSL certificate the domain is hard coded into the issued certificate.

Therefore any changes, including additional domains, will mean a re-issued certificate, which will need to be installed again.

GB

I have no problem with getting a re-issued certificate, but there must be some mechanism in place by now (or hopefully coming) whereby I can purchase a 10 domain cert (UCC), put in 3 SANs, and then revoke it, submit a new request with additional domain(s) added, and reinstall, up to the 10 domain limit or something.

In reality I am just updating the SANs on a certificate.

That does bring up an interesting thought though. When I create a cert with SANs, the UCC allows me to use multiple domains in the cert request. The PositiveSSL cert only requires that you be able to receive email at the domain in order for the cert to be validated. I believe that actually only looks at the primary Subject name, so in theory I could get an SSL certificate for www.mydomain.com and have a SAN that is login.cibc.com or something like that in it. Since it's an automated process for the cert request, I could in theory run a website that is SSL encrypted but doesn't belong to me.
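
Since the reply above notes that the names are fixed when the certificate is issued, adding a tenant means comparing the names on the installed certificate with the names the tenants need and, if any are missing, requesting a re-issue with the complete list. The following is an added example for the Exchange Management Shell, not code from any poster in this thread. The tenant domains, host labels, slot limit and request path are constructed placeholders.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
# Constructed inputs: tenant domains, host labels, slot limit, request path.
$tenantDomains = 'domain1.com', 'domain2.com'
$hostLabels    = 'autodiscover', 'webmail'   # Outlook looks up autodiscover.<domain>
$slotLimit     = 10                          # names purchased on the UCC certificate
$requestPath   = 'C:\certs\ucc-request.req'  # placeholder path

# Every host name the tenants need on the certificate.
$required = @()
foreach ($d in $tenantDomains) {
    foreach ($h in $hostLabels) { $required += ("$h.$d").ToLower() }
}

# Names on the certificate(s) currently enabled for IIS (OWA, Autodiscover).
$current = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' }
$onCert  = @()
if ($current) {
    $onCert = @($current | ForEach-Object { $_.CertificateDomains } |
                ForEach-Object { "$_".ToLower() })
}

# Names still to be added, and names present that no tenant accounts for.
$missing    = @($required | Where-Object { $onCert   -notcontains $_ })
$unexpected = @($onCert   | Where-Object { $required -notcontains $_ })

if ($required.Count -gt $slotLimit) {
    Write-Warning "Need $($required.Count) names; the certificate covers $slotLimit."
}
elseif ($missing.Count -eq 0) {
    Write-Host 'All tenant names are already on the certificate; no re-issue needed.'
}
else {
    Write-Host "Missing from certificate: $($missing -join ', ')"
    # A re-issue replaces the whole SAN list, so request ALL names, not just new ones.
    New-ExchangeCertificate -GenerateRequest -Path $requestPath `
        -SubjectName "cn=$($required[0])" -DomainName $required `
        -PrivateKeyExportable $true
}

# Names on the certificate that do not belong to a known tenant should be reviewed.
if ($unexpected.Count -gt 0) {
    Write-Warning "Names not tied to a tenant: $($unexpected -join ', ')"
}
```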