We have had to reconfigure some of our customers Exchange Server settings recently as part of their SAN UC certificate renewal. This is due to the CA/Browser Forum, a collaborative effort between the Certificate Authorities and Browser vendors, phasing out the use of internal server names and reserved IP addresses from certificates from November 2015.

In a nutshell, this means if you use internal server names on your SAN UC certificate and have a domain such as .local, you will almost certainly need to change some settings on your Exchange Server, or apply your certificate at the perimeter of your network and use an internal CA for your Exchange server certificate. These changes are designed to stop the use of domains that cannot be verified in the public namespace.

Further information on the CA/Browser Forum and the changes can be found here: https://www.cabforum.org/index.html