What to Know Before Buying a Wildcard Certificate for Your Exchange Server

About Wildcard Certificates

Wildcard Certificates save our customers hundreds or even thousands of dollars a year by letting them install the same certificate on multiple servers. DigiCert's wildcard certificates also allow for Subject Alternate Names to be included for no additional cost, allowing a certificate to cover almost any sub-domain of the domain it was issued to.


Compare certificates and pricing

Wildcard Certificate Compatability with Exchange 2007

The decision to use wildcard certificates instead of standard SSL Certificates is generally based on cost. In terms of securing multiple sites or servers, the money you save using wildcard certificates adds up pretty fast. However, due to compatability issues, you cannot always use wildcard certificates in Exchange environments.

Most servers and virtually all client devices and applications accept wildcard certificates without any compatibility issues. But some servers (mostly older ones) are not configured to let you add an * in the common name for your certificate request. Others will let you add an *, but won't let you import wildcard certificates.

OS Compatability
Exchange 2007 Wildcard certificates work fine and do not cause any issues.
Exchange 2007 SP1 Not all services and applications are supported. Wildcards certificates cause compatibility issues with IMAP or POP3. However, all other services and applications in SP1 work fine with wildcard certificates (in fact, Microsoft's documentation seems to recommend them in several instances).

As far as we know, there are no other issues with wildcard certificates in Exchange 2007.

If you have any questions or issues with wildcard/Exchange compatibility, please contact our support department for assistance.

What Are My Options?

If need to use IMAP or POP3 on your secure Exchange 2007 SP1 server, we recommend purchasing a DigiCert Multi-Domain (SAN) Certificate. If you already purchased a Wildcard Certificate from us and want to switch to a Multi-Domain (SAN) Certificate, make sure you are running the latest version of Exchange and contact us.