What to Know Before Buying Wildcard SSL for Your Exchange Server
Wildcards in General
Wildcard certificates allow our customers to save hundreds or even thousands of dollars a year by installing the same certificate to multiple servers for no additional cost (thanks to our unlimited server license). In addition, DigiCert's Wildcard certificates allow for Subject Alternate Names to be included in the certificate at no extra cost to allow a certificate to cover literally ANY sub-domain of the domain it was issued to.
Wildcards on Exchange 2007
The purpose of using Wildcard certificates instead of standard SSL certificates is generally a matter of cost. In terms of securing multiple sites or servers, using a Wildcard will start to save you money pretty fast. This can also be true for an Exchange server administrator, although, due to compatibility issues, it is not always the case.
Where Wildcard SSL certificates run into issues on an Exchange 2007 server is in terms of server compatibility. Most servers, and virtually all client devices and applications, accept Wildcard certificates without any compatibility issues. A few servers, mostly older servers, do not. Some are not configured to allow an * in the common name of your certificate request, while others will let you add the *, but won't let you import the certificate.
Exchange 2007 is in a somewhat unique position, where Wildcards were 100% compatible with previous versions, work well with many of Exchange 2007's services, but for some reason other services will hang when a Wildcard certificate is installed.
Which Services Work, Which Don't?
Wildcards certificates are known to cause compatibility issues on Exchange 2007 servers when used in conjunction with IMAP or POP3. All other services and applications should work perfectly well with Wildcards (in fact, Microsoft's documentation seems to recommend them in several instances).
All other services, to the best of our knowledge and several years of experience, should work perfectly with Wildcard SSL.
If you have any questions, or notice any other issues with Wildcard Exchange compatibility, please contact our support department for assistance.
What Are Your Options?
If you will be needing to use POP or IMAP on your secure Exchange 2007 server, probably the best option that you have is to purchase a UC SSL certificate. If you have already purchased a Wildcard from us and wish to switch to a UC, just give us a call and our support team will help you out.
Exchange 2007 & Wildcards
Troubleshooting Wildcard installation on Exchange Server 2007.
