My understanding is that when you have a cert issued by most 3rd party CAs, the order of the names listed in the SAN will be presented to the device requesting the cert in what amounts to a random order. It is also my understanding that the order in which you enter the FQDNs in the SAN on a cert from a Microsoft CA is how they will be presented to the device requesting the cert. In other words, on a Microsoft CA generated cert, whatever you put in as the last entry on the SAN will be presented last to the requesting device.
Given this and the R2 release note that states that the pool FQDN has to be the last entry on a SAN in order to get the ACD service to start, how could you use a cert from a 3rd party if you can't ensure that the pool FQDN will be presented last?
There is no inherent difference between a 3rd party certificate or an internal CA certificate in regards to the order that the SAN entries are 'presented'. The values are entered in a single string in a defined order and parsed in that order by the application reading the certificate, so once the order is set all usage of that certificate will be the same. The created CSR defines the field values so the OCS wizard can set these the same regardless of what CA will be issuing a certificate against it.

Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS