Even when using Exchange SSL certificates that are signed by an internal CA, you will still occasionally have to renew them. Using EAC (https://your-exchange-server/ecp), this should be pretty straightforward, or is it?

After logging on to EAC, and navigating to "Servers" → "Certificates", select the expired certificate, then on the right pane, you can click "Renew" to generate a certificate signing request with all the proper SANs. This CSR can then be used with your internal CA to sign the request and generate a new certificate.

Unfortunately, you will most likely hit a snare: the CSR generated by the Exchange server does not contain any certificate tem  ...