SSL and Mail

Does my UCC SSL need to have my domain name alone? When it was setup it included the domain root. Right now I have

autodiscover.XXX.com
mail.XXX.com
exchange.XXX.com
and
XXX.com

Do I need the XXX.com, seems that it causes problems sometimes?

I am renewing for my website which I www.XXX.com and XXX.com. Same domains.
JenniferIT DirectorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chad FranksSenior System EngineerCommented:
You could create at wildcard certificate *.xxx.com.  If you did that you could use it for anything .xxx.com related.  I have used these in the past without issues.
0
JenniferIT DirectorAuthor Commented:
I could do that on the UCC but my UCC is my exchange certificate and I only want it to be my exchange certificate. I have a different certificate for my website. I then have a separate certificate for my VPN. So do I need to have xxx.com on all?
Wouldn't putting *.domain.com on any of them cause a conflict between them?

Or should I have them separate?
mail.domain.com, autodiscover.domain.com, and server.domain.com on the UCC, vpn.domain.com on the VPN, and then www.domain.com and domain.com on the SSL for the web?
0
Chad FranksSenior System EngineerCommented:
There would be no conflicts using the *.domain.com, since anything registered before the .domain.com would be covered.  I have used wildcard certs in this type configuration in the past.  If you want to keep it separate, then you could create one specifically for Exchange and then use the wildcard for the rest. There would be no conflict if you used 2 different certs mail.domain.com and *.domain.com on the same server.  Since they would be used for specific applications..
0
Simon Butler (Sembee)ConsultantCommented:
The Microsoft wizard will usually put the root of the domain in to the certificate, and that is probably where it has come from.
Personally I don't like to use wildcard certificates with Exchange, I have had quite a few problems with them.

For Exchange, you only two host names

host.example.com - common name, which shouldn't match the server's real name
Autodiscover.example.com

No other names are required on the SSL certificate, although you can include them if you wish.
Some SSL providers will add www.host.example.com by default, but that isn't required.

Simon.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Chad FranksSenior System EngineerCommented:
You could also use SAN certificates,  Subject Alternative name, that way you can use multiple host names for the same cert.  

Using a SAN certificate saves you the hassle and time involved in configuring multiple IP addresses on your Exchange server, binding each IP address to a different certificate.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.