SSL and Mail

Does my UCC SSL need to have my domain name alone? When it was setup it included the domain root. Right now I have

Do I need the, seems that it causes problems sometimes?

I am renewing for my website which I and Same domains.
JenniferIT DirectorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chad FranksSenior System EngineerCommented:
You could create at wildcard certificate *  If you did that you could use it for anything related.  I have used these in the past without issues.
JenniferIT DirectorAuthor Commented:
I could do that on the UCC but my UCC is my exchange certificate and I only want it to be my exchange certificate. I have a different certificate for my website. I then have a separate certificate for my VPN. So do I need to have on all?
Wouldn't putting * on any of them cause a conflict between them?

Or should I have them separate?,, and on the UCC, on the VPN, and then and on the SSL for the web?
Chad FranksSenior System EngineerCommented:
There would be no conflicts using the *, since anything registered before the would be covered.  I have used wildcard certs in this type configuration in the past.  If you want to keep it separate, then you could create one specifically for Exchange and then use the wildcard for the rest. There would be no conflict if you used 2 different certs and * on the same server.  Since they would be used for specific applications..
Simon Butler (Sembee)ConsultantCommented:
The Microsoft wizard will usually put the root of the domain in to the certificate, and that is probably where it has come from.
Personally I don't like to use wildcard certificates with Exchange, I have had quite a few problems with them.

For Exchange, you only two host names - common name, which shouldn't match the server's real name

No other names are required on the SSL certificate, although you can include them if you wish.
Some SSL providers will add by default, but that isn't required.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Chad FranksSenior System EngineerCommented:
You could also use SAN certificates,  Subject Alternative name, that way you can use multiple host names for the same cert.  

Using a SAN certificate saves you the hassle and time involved in configuring multiple IP addresses on your Exchange server, binding each IP address to a different certificate.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.