I have a certificate that contains several FQDNs:
X509v3 Subject Alternative Name:
DNS:mx.my.domain, DNS:my.domain, DNS:imap.my.domain, DNS:mail.my.domain, DNS:pop3.my.domain
My intention was to catch all hostnames that could have been used as mail server name.
Now Outlook 2010 seems to have issues dealing with the x509v3 “Subject Alternative Name” because it shows a “target principal name is incorrect” message. So we made the decision to use a certificate without the SAN feature and CN=mail.my.domain.
Can I simply request a new certificate and let the current one expire, or should I revoke it? What is “best practice” here?