
Wildcard SSL Certificates with Exchange 2010?

Is anyone using a Wildcard Cert with Exchange 2010 please?

We currently have a bunch of individual whatever.domain.com SSL certificates and as several are expiring soon it would be an ideal opportunity to move to a wildcard certificate.

At some point though we will be moving from Exchange 2003 to Exchange 2010, and I've read conflicting reports over whether wildcard certs work with Exchange 2010 as many guides seem to recommend a UCC/SAN certificate.

Our internal DNS domain name is the same as our external domain name.

GoDaddy look like good VFM given they allow use on unlimited physical servers.

Thanks in advance.

    • Be appreciative for any additional comments/feedback. The DigiCert Wildcard Certs with SANs look the most compatible but are pretty expensive vs. a GoDaddy Wildcard SSL, or even a combination of a GoDaddy Wildcard SSL and a separate SAN/UCC cert for the Exchange box.

Certs and Exchange 2010 are a headache from what I've seen so far.

We have 2010 in the lab right now and think we will be able to get away with a wildcard SSL cert for device access from the internet, and then an Enterprise CA signed machine cert (Issued by ADCS), for each 2010 server for internal access.

We are using TMG 2010 as an edge transport server, so the SSL cert will sit on there, then the connection between TMG and Ex2010 CAS will be inside the domain, so secured by the Enterprise CA.

Only got this working this morning, but I think that will work. If your CAS is handling connections from the internet then YMMV. I'll be watching this question though!

  • 2
    • Initially I suspect we'll have a single box running CAS/Mailbox roles, which we'll then expand out to add some DAG redundancy - early days and I've not really done much Exchange 2010 planning/digging yet as it's the "little things" like SSL certs that seem to be the most troublesome.

The only real issue we've had so far is with certain Outlook clients. We basically had to add a setting to specify the cert and it worked:


It seems that autodiscover would set the cert name to blah.domain.com and Outlook complains since it doesn't match *.domain.com. If you set the above in the Outlook client manually, it goes through. Note - we have not completed our migration yet from Exch 2003 so we might run into more issues. This is the only one so far though.

  • 1

Wildcards and UC certificates were meant to accomplish 2 different things. If you have multiple domains and you are using Exchange Server, then UC certificates are the way to go. If you only have differing subdomains, then wildcards will work, but this is the exception. Most of our clients at ssl.com have a number of domain names including internal server names so UC (or SAN) certificates are the most commonly chosen ones. Also note that you can embed wildcards in UCC if you need the flexibility of both.

As for value of each type, each customer must derive that for themselves. Where one customer may think it's a ripoff, another may find that it saves countless hours in SSL management time. You decide.

  • 1
      • 1
    • They do thanks, but I've not yet seen a satisfactory explanation of exactly when/why you may need a dedicated UCC/SAN cert for Exchange 2010 over a wildcard cert. It almost seems to be lots of cases of "We couldn't get a wildcard to work, we got a UCC/SAN and it started working".
      • 1
    • You can go with a UCC/SAN when you are certain of your domain names. If you are a service provider then one should use a wildcard certificate. Microsoft Exchange Online uses a wildcard certificate.
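
The thread keeps returning to when a wildcard is enough and when SAN entries are needed. As an added example (not code from any poster), this Python sketch applies the standard wildcard rule, where `*` stands for exactly one left-most label, to a list of names clients might use. Every host name other than `domain.com` and `*.domain.com`, and the three certificate layouts, are constructed assumptions.

```python
# Added example: which host names a certificate's SAN entries cover.
# Wildcard rule used: "*" is only the whole left-most label and stands
# for exactly one label (RFC 6125 style matching).

def san_matches(pattern: str, host: str) -> bool:
    """Return True if one SAN dNSName entry covers the host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # One label only, and never a wildcard directly under a TLD.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def coverage(sans, hosts):
    """Map each host to the SAN entry that covers it, or None."""
    return {host: next((s for s in sans if san_matches(s, host)), None)
            for host in hosts}


# Constructed names a client might use to reach an Exchange server.
HOSTS = [
    "mail.domain.com",
    "autodiscover.domain.com",
    "domain.com",                 # bare domain, no left-most label
    "exch01.corp.domain.com",     # two labels below domain.com
    "EXCH01",                     # short internal server name
]

# Constructed certificate contents for comparison.
CERTS = {
    "wildcard": ["*.domain.com"],
    "ucc_san": ["mail.domain.com", "autodiscover.domain.com", "domain.com"],
    "wildcard_plus_san": ["*.domain.com", "domain.com",
                          "exch01.corp.domain.com"],
}


def uncovered(cert_name):
    """Hosts in HOSTS that the named constructed certificate does not cover."""
    return [h for h, s in coverage(CERTS[cert_name], HOSTS).items() if s is None]


if __name__ == "__main__":
    for name in CERTS:
        print(f"{name:18} uncovered: {uncovered(name)}")
```

Replace `HOSTS` with the names your own clients and servers actually connect to (internal and external URLs, Autodiscover, server FQDNs) before choosing a certificate type.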
