The built-in Self signed certificate in Exchange 2010 and 2013 will not include multiple names. It only includes the server name. If you need to generate a multi SAN (Subject Alternate Name) Self Signed certificate for a test environment follow the following steps.
- Download SelfSSL7 from http://blogs.iis.net/blogs/thomad/SelfSSL7.zip
- Execute: Selfssl7.exe /N cn=mail.domain.com;cn=autodiscover.domain.com;cn=casserver.domain.com;legacy.domain.com /K 2048 /V 18250 /X /F c:mail_domain_com.pfx /W Password /Q
Switches for SelfSSL
- /N – DNS Names in the Certificates (ex: cn=mail.domain.com;cn=autodiscover.domain.com
- /K – Key length (/K 2048
- /V – Valid time in days (18250 = 50 years)
- /I – Configure IIS Bindings
- /S – Site to Configure
- /P – Port Number
- /A – IP Address
- /T – Trust Certificate (Add certificate to local Certificate Store)
- /Q – Overwrite the present binding in IIS
Repost from: <http://geekswithblogs.net/renewieldraaijer/archive/2011/05/11/self-signed-san-certificates.aspx>