SSL and Exchange 2010 best practices
Posted on 2010-11-15
I am installing exch 2010 into my already existing exch 2003 and 2007 infrastructure. I will have all 3 versions of exchange running concurrently till I eventually migrate to just 2010.
Im looking at some of the recommendations for SSL and certificate designs. I’m guessing the best method for use with services like:
• Outlook Web App
• Exchange Control Panel
• Exchange Web Services
• Exchange ActiveSync
• Outlook Anywhere
• Outlook Address Book distribution
Is to use a Commercial CA. I see where in my scenario Microsoft recommends a certificate for Legacy.contoso.com, my existing name space : mail.contoso.com and autodiscover.contosco.com. Can I use a wildcard cert for this? Is it recommended or not?
Also, what kind of certs should I use for my exchange connectors? Self-signed, PKI or commercial?
Any ideas or advice is appreciated!