I set up the first Exchange 2013 Server and issued a cert from our internal CA server on Windows Server 2012 R2. Everything worked with no errors and no cert warnings when accessing OWA (followed steps at: http://exchangeserverpro.com/create-ssl-certificate-request-exchange-2013/ and the related pages that one links to). That cert includes the computer name of the first server and all the external names (mail.domain.com, autodiscover.domain.com, etc.).
However, when I added a second server and created a DAG (for redundancy and failover protection), I wasn't sure what to do about the cert. I just exported the cert from the first and imported it into the second, but I now get bad certificate errors on various devices, even though the DAG's name points to the first server. One thing I know I may have done wrong is leaving the name of the second server out of the certificate. I can correct that easily enough and produce a second certificate, but I'd like to know that's all that's needed before taking this step.
Should I just repeat the original process, but include the name of the second server on the certificate and issue one cert for both, or do I need to produce a second certificate just for the second server, and use that alongside the existing cert issued to the first?
I am quite ignorant about this, so as much detail as you could give me would be very much appreciated. Or, if you need any additional details from me to be able to help, just let me know and I'll be happy to provide as much info as I can gather.
Thanks,
Colin