Exchange 2010 SSL certificate

  • Question

  • Hello Team

    Currently we are using Exchange 2003 SP2 with a wildcard SSL certificate. We are in the process of migrating from Exchange 2003 to Exchange 2010. We have installed Exchange 2010 in our organisation. All roles are on the same server.

    We would like to procure an SSL certificate for the same. We have to secure one domain and 4 subdomains (FQDN 1+4). Kindly suggest which SSL certificate we need to procure. Below are the details for the same:

    1) Mail.domain.com
    2) cic.domain.com
    3) webmail.domain.com
    4) csslex1.domain.com
    5) autodiscover.domain.com

    Awaiting your reply

    Regards
    Dayanand Gore

    Friday, October 19, 2012 6:14 AM

All replies

  • The most common certificate is the Unified Communications Certificate (UC Certificate).

    You will get 3-4 domain names depending on where you buy it, and then you can add additional names to the cert for a smaller fee.


    Friday, October 19, 2012 6:36 AM
  • Hello

    Thanks for the reply

    What SSL certificate do we need to procure: a wildcard certificate or a true business ID certificate?

    Please suggest

    Regards

    Dayanand Gore

    Friday, October 19, 2012 7:02 AM
  • Typically you need these names:

    1. autodiscover.abc.com for autodiscover

    2. mail.abc.com for OWA, Outlook Anywhere, this should be the subject name

    3. legacy.abc.com for coexistence with Exchange 2003

    4. FQDN of your CAS server

    5. FQDN of your CAS array (if you have it)

    Friday, October 19, 2012 7:12 AM
  • Since you already have a wildcard cert for your domain (*.domain.com), you can use the same in Exchange 2010 as well. It will cover all the URLs required.

    Export the cert along with the private key from the 2003 box and import it into the 2010 ones and any reverse proxies you may have.

    Keep it simple.


    Rajith Enchiparambil | http://www.howexchangeworks.com |

    HowExchangeWorks.Com

    Friday, October 19, 2012 7:35 AM
  • Using wildcard cert as subject name is not supported by Microsoft. And it is not best practice, for security reasons.

    I highly recommend using a SAN cert instead of a wildcard cert.


    • Edited by Li Zhen Friday, October 19, 2012 7:50 AM
    Friday, October 19, 2012 7:48 AM
  • Just to clarify, you can use your wildcard certificate.

    It is less secure, but it all depends on your organization, number of internet-facing CAS and so on, but I assume you have only one server, so it's not a big security issue.

    SAN and UC certificates are the same (vendors call them SAN or UCC or SAN/UCC).


    Friday, October 19, 2012 9:19 AM
  • http://www.digicert.com/unified-communications-ssl-tls.htm

    This will give you a good idea about buying a certificate.


    ExchangeGeek

    (MCITP,Enterprise Messaging Administrator)

    **My posts are provided “AS IS” without warranty of any kind**

    Friday, October 19, 2012 9:56 AM
  • Using wildcard cert as subject name is not supported by Microsoft.


    For the record, it sure is supported to use wildcard certificates with Exchange.

    You even get the choice to use it when creating a certificate request using the wizard in EMC...


    Also documented in: Understanding Digital Certificates and SSL



    Martina Miskovic

    Saturday, October 20, 2012 4:26 AM
  • Using wildcard cert as subject name is not supported by Microsoft.


    For the record, it sure is supported to use wildcard certificates with Exchange.

    You even get the choice to use it when creating a certificate request using the wizard in EMC...


    Also documented in: Understanding Digital Certificates and SSL



    Martina Miskovic

    Nope. It never says "Using wildcard cert as subject name is supported".

    Here it says "There is no support for a wildcard entry as the subject name (also referred to as the common name or CN) for any role. The following server roles are supported when using wildcard entries in the SAN:..."

    http://technet.microsoft.com/en-us/library/hh202161.aspx




    • Edited by Li Zhen Saturday, October 20, 2012 4:54 AM
    Saturday, October 20, 2012 4:52 AM
  • Nope. It never says "Using wildcard cert as subject name is supported".

    Here it says "There is no support for a wildcard entry as the subject name (also referred to as the common name or CN) for any role. The following server roles are supported when using wildcard entries in the SAN:..."

    http://technet.microsoft.com/en-us/library/hh202161.aspx



    There are considerations to make when having OCS/Lync in the environment, but still wildcard certificates are supported when it comes to Exchange.

    Martina Miskovic

    Saturday, October 20, 2012 4:56 AM
  • Yes, it did say supported. But it is supported as SAN. I said it's not supported as subject name. No conflict.

    • Edited by Li Zhen Saturday, October 20, 2012 5:01 AM
    Saturday, October 20, 2012 5:00 AM
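
The two points argued in the replies above (whether `*.domain.com` covers the required names, and a wildcard as subject name versus as a SAN entry) can be checked mechanically for any candidate certificate. This is an added example, not part of any post in the thread: the host names come from the question, while the three certificate layouts and the name `csslex1.internal.domain.com` are constructed for illustration.

```python
# Added example. Host names come from the question; the certificate layouts
# and csslex1.internal.domain.com are constructed.
REQUIRED = ["mail.domain.com", "cic.domain.com", "webmail.domain.com",
            "csslex1.domain.com", "autodiscover.domain.com"]

CERTS = {  # label -> (subject CN, SAN DNS names)
    "wildcard subject": ("*.domain.com", []),
    "SAN/UC": ("mail.domain.com", list(REQUIRED)),
    "wildcard in SAN": ("mail.domain.com", ["mail.domain.com", "*.domain.com"]),
}


def covers(cert_name, host):
    """True if one certificate name covers host.

    A wildcard is accepted only as the whole left-most label and stands for
    exactly one label, so *.domain.com covers neither a.b.domain.com nor
    domain.com itself. Partial wildcards (m*.domain.com) are not matched.
    """
    pat = cert_name.lower().rstrip(".").split(".")
    name = host.lower().rstrip(".").split(".")
    if len(pat) != len(name):
        return False
    if pat[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(pat) > 2 and pat[1:] == name[1:]
    return pat == name


def review(subject_cn, sans, required):
    """Return (wildcard_in_cn, uncovered_hosts) for one certificate."""
    # When SAN DNS names are present, RFC 6125 clients ignore the CN.
    names = sans if sans else [subject_cn]
    uncovered = [h for h in required if not any(covers(n, h) for n in names)]
    return "*" in subject_cn, uncovered


def report(required):
    """Review every constructed certificate against the required names."""
    return {label: review(cn, sans, required)
            for label, (cn, sans) in CERTS.items()}


if __name__ == "__main__":
    wanted = REQUIRED + ["csslex1.internal.domain.com"]
    for label, (wild_cn, missing) in report(wanted).items():
        print(f"{label}: wildcard CN={wild_cn}, uncovered={missing}")
```

All three layouts cover the five names from the question; only the first carries the wildcard in the subject name, and none of them covers a host that sits two labels below `domain.com`.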
  • Hello

    Thanks for the reply

    Please let us know if we can use a wildcard SSL certificate on 2003 and 2010? Kindly note both the servers will remain active.

    What is the recommendation of Microsoft for the same?

    Regards

    Dayanand Gore

    Wednesday, October 31, 2012 6:07 AM
  • Please let us know if we can use a wildcard SSL certificate on 2003 and 2010? Kindly note both the servers will remain active.

    What is the recommendation of Microsoft for the same?

    Hi,
    It is recommended to use a SAN/UC certificate, but a wildcard certificate is supported.

    See the section Certificate Planning for Upgrade in the TechNet article below.

    Upgrade from Exchange 2003 Client Access
    http://technet.microsoft.com/en-us/library/ee332348.aspx


    Martina Miskovic


    Wednesday, October 31, 2012 6:24 AM