Now that we understand the load balancing and namespace planning principles and how clients connect in an Exchange 2013 environment that has Exchange 2007 and/or Exchange 2010 deployed, the proper certificates can be constructed and deployed as part of the upgrade process.

Of course it goes without saying that there are a few rules you should follow in crafting your certificates:

  1. Use as few certificates as possible.
  2. Use as few host names as possible.
  3. Utilize the Subject Alternative Name (SAN) attribute on the certificate.
  4. Use the Exchange Certificate Wizard within the Exchange Admin Center to request certificates.
  5. Deploy the same certificate across all CAS in the datacenter pair.
  6. Deploy Vista SP1 or later clients so that you do not have to worry about the certificate principal name value.

Wildcard certificates are an option as well. A wildcard certificate for *.contoso.com results in a certificate that will work for mail.contoso.com, legacy.contoso.com, and autodiscover.contoso.com namespaces.

To understand what host names should be included in the certificate request, three scenarios will be considered that leverage the architecture principles discussed in the prior articles.

Read the complete blog at http://blogs.technet.com/b/exchange/archive/2014/03/19/certificate-planning-in-exchange-2013.aspx

Read my favorites blogs:

Assigning File Share permissions using Power Shell

Disk Read Error when migrating virtual machine from one cluster to another

Designing a backup less Exchange 2010 Architecture

Appear Offline in Microsoft Office Communicator Server 2007

Microsoft Exchange 2010 Test cases

Microsoft Exchange Server 2010 Disaster Recovery