We are in the process of migrating a customer from 2007 to 2010 SP3. The Wildcard is already integrated in the two KEMP and the CAS Servers and activated for IIS/POP3. The Set-mapi** und set-pop*** are set.

Setup:

2 x KEMP Load Balancers

2 x CAS/HUB 2010

2 x Mailbox DAG

We regulary use SAN-Certificates since 2007. The customer has an existing wildcard certificate for his DOMAIN.

WAN External: domain.ch (The customer currently makes limited usage of external access ONLY OWA (No Activesync, No RPC-Proxy wanted). IF external we will use a MDM Management solution like Good or others.

LAN Internal: domain.ch

Everything is clear from my side except that we found the information that AUTODISCOVER does not work or limited with Wildcard certificates.

Can anybody state on this and if any problems have arrised with using the WILDCARD Certificate.

We are aware that the usage of the wildcard decreases the secuirty of the whole box.

Thank you

Greetings from Switzerland ;-)

Hi
You can use Wildcard certificates for all the names that exchange required, but we don't recommend use Wildcard certificates because of security option.
Digital Certificates and SSL
Best practice : use SAN certificates
http://technet.microsoft.com/en-us/library/dd351044(v=exchg.150).aspx