Single domain or Wild card SSL, where to buy?

  • Question

  • My OWA site is mail.contoso.com. Autodiscover is autodiscover.contoso.com.

    Do I need a single domain certificate to just cover mail.contoso.com and everything will work or do I need a wild card certificate to cover autodiscover.contoso.com?

    I want to make sure Outlook Anywhere will work normally but don't want to pay extra for a wild card certificate if I don't need it.

    I'm currently using a self-signed certificate and this will be my first paid SSL certificate. When manually installing the self-signed certificate when setting up Outlook, the prompt comes up as autodiscover.contoso.com for the site URL.

    Thanks!





    Monday, November 18, 2019 4:20 AM

All replies

  • Hi

    No, a normal SSL certificate will work. You can have multiple names on the SAN cert, mail and autodiscover will be fine.


    Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Monday, November 18, 2019 4:23 AM
    Moderator
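
The name-coverage question in this thread, worked through as an added example (it is not part of any post here): given the two host names from the question, it checks which of them a single-name, a multi-name (SAN) and a wildcard certificate would cover. The three certificate name lists are constructed for illustration, and the matching follows the usual RFC 6125 rule that a wildcard stands for exactly one left-most label.

```python
# Added example: which required host names does a certificate's SAN list cover?
# Host names come from the thread; the certificate name lists are constructed.

def san_matches(pattern: str, host: str) -> bool:
    """Match one SAN dNSName entry against a host name (RFC 6125 style).

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.contoso.com matches neither contoso.com
    nor a.b.contoso.com.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require a non-empty host label and a base domain of two or more labels.
        return (len(p_labels) > 2 and h_labels[0] != ""
                and p_labels[1:] == h_labels[1:])
    return p_labels == h_labels


def uncovered(san_entries, required_hosts):
    """Return the required hosts that no SAN entry matches."""
    return [h for h in required_hosts
            if not any(san_matches(s, h) for s in san_entries)]


REQUIRED = ["mail.contoso.com", "autodiscover.contoso.com"]

CANDIDATES = {  # constructed name lists, one per certificate type
    "single-name": ["mail.contoso.com"],
    "SAN (multi-name)": ["mail.contoso.com", "autodiscover.contoso.com"],
    "wildcard": ["*.contoso.com"],
}


def report():
    """Map each certificate type to the required hosts it leaves uncovered."""
    return {kind: uncovered(names, REQUIRED)
            for kind, names in CANDIDATES.items()}


if __name__ == "__main__":
    for kind, missing in report().items():
        print(f"{kind:18} missing: {missing or 'none'}")
```
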
  • Thanks for the reply.

    So get a regular SAN certificate.

    Where is typically the best, cheapest place to purchase one?

    I'm diverging a bit but if I were to have a Skype for business server at skype.contoso.com, etc., could I use the same certificate or would I need a separate one? I'm also new to Skype for business server.


    • Edited by Susan_773 Monday, November 18, 2019 4:29 AM
    Monday, November 18, 2019 4:27 AM
  • Cheap is not always good :-)

    DigiCert offers good certificates for a reasonable price. You can have up to 4 names on the cert if I'm not mistaken; in your case it will be 3, so you should be covered. They offer the cert for $207, and the wildcard is way more expensive at $653.

    Their support is very good; I use it in my company and for my personal stuff as well. I am by no means punting for them, I have just experienced tremendous help and ease of things.



    Monday, November 18, 2019 4:36 AM
    Moderator
  • Hi Susan_773,

    As mentioned above, you will need a SAN cert to include the names you need. 

    You could try building an internal Certificate Authority in your organization and create a new certificate request for it. The procedures are the same for an internal CA (for example, Active Directory Certificate Services) or a commercial CA.

    Internal Certificate Authorities (CAs) are cheaper to configure, and expand the Public Key Infrastructure (PKI). However, external parties normally will not trust a digital certificate signed by an internal Certification Authority (CA).

    Once you are familiar with the steps of creating a new certificate request, you could choose different commercial CAs to compare the price and so on.

    For detailed information: Create an Exchange Server certificate request for a certification authority

    Regards,

    Joyce Shen


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Tuesday, November 19, 2019 6:29 AM
  • You can also use a free Let's Encrypt certificate that renews automatically every 3 months.

    Tuesday, November 19, 2019 4:43 PM
  • Hi,

    Do the suggestions above help? If you have any questions or need further help on this issue, please feel free to post back. If the issue has been resolved, please mark the helpful replies as answers; this will make answer searching in the forum easier and be beneficial to other community members as well.

    Regards,

    Joyce Shen



    Thursday, November 21, 2019 1:19 AM
  • Hi,

    Any updates about your issue?

    A brief summary of this post so that other forum members could easily find useful information here:

    [Single domain or Wild card SSL, where to buy? - summary]

    Issue Symptom:
    When manually installing the self-signed certificate when setting up Outlook, the prompt comes up as autodiscover.contoso.com for the site URL.
    Getting a regular SAN certificate.
    Where is typically the best, cheapest place to purchase one?

    Solution:
    Try building an internal Certificate Authority in your organization and create a new certificate request for it.
    Or request a certificate from a commercial CA.

    Regards,

    Joyce Shen



    Tuesday, November 26, 2019 8:55 AM