Based on the way Exchange and Outlook uses certs, should I get a wildcard or multidomain cert?
I am finalizing things and I know I need ssl certificates. I had thought I would just go buy a wildcard cert so I could have a number of subdomains for things like the Outlook web app front end and the smtp front end for internet mail(TLS).
Probably from godaddy because they are the cheapest. As I am looking at the faq there is a note under how to import to Exchange 2010 that says "Exchange Server 2010 requires a Multiple Domain (UCC) Certificate to run all services securely." So which
is it? What do you guys use? Thanks.
April 27th, 2011 3:14pm
Hi OTS,
I would not recommended a wildcard certificate for Exchange. It´s possible to make it work but they do not support internal NETBIOS names of the servers and will only work if the internal/external domain names are the same.
Accordigly to Exchange team it´s also best practice that Microsoft recommends utilizing a certificate that supports Subject Alternative Names even if it works with wildcard certificate as well.
http://blogs.technet.com/b/exchange/archive/2009/11/20/3408856.aspx
Free Windows Admin Tool Kit Click here and download it now
April 27th, 2011 3:43pm
Hello,
Yes, SAN is recommended.
For more reference:
More on Exchange 2007 and certificates - with real world scenario
http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspx
Note: Although it was published for Exchange 2007, it also applies for Exchange 2010.
Thanks,
Simon
April 29th, 2011 4:27am