What to Know Before Buying Wildcard SSL for Your Exchange Server
Wildcards in General
Wildcard certificates allow our customers to save hundreds or even thousands of dollars a year by installing the same certificate to multiple servers for no additional cost (thanks to our unlimited server license). In addition, DigiCert's Wildcard certificates allow for Subject Alternate Names to be included in the certificate at no extra cost to allow a certificate to cover literally ANY sub-domain of the domain it was issued to.
Wildcards on Exchange 2007
The purpose of using Wildcard certificates instead of standard SSL certificates is generally a matter of cost. In terms of securing multiple sites or servers, using a Wildcard will start to save you money pretty fast. This can also be true for an Exchange server administrator, although, due to compatibility issues, it is not always the case.
Where Wildcard SSL certificates used to run into issues on an Exchange 2007 server is in terms of server compatibility. Most servers, and virtually all client devices and applications, accept Wildcard certificates without any compatibility issues. A few servers, mostly older servers, do not. Some are not configured to allow an * in the common name of your certificate request, while others will let you add the *, but won't let you import the certificate.
Exchange 2007 is in a somewhat unique position, where Wildcards were 100% compatible with previous versions, work well with all of Exchange 2007's services in current versions, but for some reason Exchange 2007 Server Service Pack 1 does not fully support wildcards.
Which Services Work, Which Don't in Service Pack 1?
Wildcards certificates are known to cause compatibility issues on Exchange 2007 SP 1 servers when used in conjunction with IMAP or POP3. All other services and applications should work perfectly well with Wildcards (in fact, Microsoft's documentation seems to recommend them in several instances).
All other services, to the best of our knowledge and several years of experience, should work perfectly with Wildcard SSL.
If you have any questions, or notice any other issues with Wildcard Exchange compatibility, please contact our support department for assistance.
What Are Your Options?
If you will be needing to use POP or IMAP on your secure Exchange 2007 server, probably the best option that you have is to purchase a UC SSL certificate. If you have already purchased a Wildcard from us and wish to switch to a UC, just make sure you are running the latest version of Exchange.
Exchange 2007 & Wildcards
Troubleshooting Wildcard installation on Exchange Server 2007.
© 2003-2012 DigiCert® Inc • SSL Certificate Authority • All Rights Reserved
All trademarks displayed on this web site are the exclusive property of the respective holders.