Requirements for Exchange 2010 certificate?

We want to change the current certificate (internal CA) of our Exchange 2010 server with a public wildcard certificate.

The new certificate will be bought by the developer of the website. Are there any special requirements we should communicate if we want to use that SSL-certificate for Exchange in addition to the website?

What files do we need to import the SSL wildcard certificate (bought for the website) in Exchange?
exexcAsked:
MAS (MVE)EE Solution GuideCommented:
Your Exchange needs 2 names if you have only one domain.
1. mail.domain.com
2. autodiscover.domain.com
Please check these for details.
1. Technet
2. EE
0
exexcAuthor Commented:
The web developer will get a wildcard certificate for the domain. So all subdomains should be covered.

What I don't know is, if we have to tell him that certain requirements exist for Exchange 2010.

For example, is it recommended to get a 2048-bit/SHA256 certificate, or is SHA256 a problem for Exchange 2010? Is there a more secure type of certificate than 2048-bit/SHA256?

What kind of files does he have to send us? I guess we will need a file with the private key, a file with the public key, maybe a file for an Intermediate CA? Are these files required in a specific file format?

I never worked with public certificates in Windows, so I don't know what requirements I have to communicate to the web developer.
0
Zacharia KurianAdministrator- Data Center & NetworkCommented:
You can go for a wildcard certificate, which is more secure than having a cert with different SANs. It means that a wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain.

The below site would give you more info;

https://www.digicert.com/wildcard-ssl-certificates.htm
0
Adam BrownSr Solutions ArchitectCommented:
1. The bit-length of the key determines the security of the hashing used to generate your certificate request. Higher is better, but will also increase the resources used by IIS when encrypting data. 2048/SHA256 is sufficient for now and will be for the next few years. 1024 or lower is considered to be crackable and not recommended.

2. You will need to generate a Certificate Request file on the Exchange server for the Wildcard cert, then forward that to the web developer. The Developer will request the certificate from the Third Party CA. The CA will provide him with a file that is a "response" to the request. When you complete the Certificate request on the Exchange server, you will use this file as the response, and the server will then generate the certificate and configure it for use by the server. Once that's done, the certificate can be exported for use on other systems if you choose, but you must select the option to make the certificate exportable when creating the certificate request. If you don't do that on the server you create the certificate on, the cert will only be usable on that server.

That's basically the whole process. And to correct another user's statement, Wildcard certificates are considered *less* secure than a multiple SAN cert because the certificate will authenticate any name used against it as long as the domain name is correct. However, the difference in security is negligible and not usually a big deal.
0
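The request-and-complete procedure described in the answer above, as an added example in the Exchange 2010 Management Shell (not code from the thread). The domain example.com, the folder C:\certs, the file names and the organisation name are placeholders; the cmdlets and switches are the ones Exchange 2010 ships with.

```powershell
# Added example, not from the thread. Assumes the Exchange 2010 Management Shell,
# the placeholder domain example.com and the folder C:\certs.

# 1. Generate the CSR on the Exchange server. -PrivateKeyExportable is the "exportable"
#    option the answer mentions; -KeySize 2048 matches the recommendation. The wildcard
#    plus the two explicit host names keeps Autodiscover and the mail host covered.
New-ExchangeCertificate -GenerateRequest `
    -SubjectName "C=US, O=Example Corp, CN=*.example.com" `
    -DomainName "*.example.com", "mail.example.com", "autodiscover.example.com" `
    -KeySize 2048 `
    -PrivateKeyExportable $true `
    -FriendlyName "Exchange wildcard" `
    -Path "C:\certs\exchange-wildcard.req"
# Send C:\certs\exchange-wildcard.req (Base64 text) to the web developer. The CA's
# signed response comes back as a .cer/.crt/.p7b file, usually with an intermediate CA file.

# 2. Put the CA's intermediate certificate into the machine's Intermediate CA store
#    so clients are sent the full chain and do not fail validation.
certutil -addstore -f CA "C:\certs\intermediate.cer"

# 3. Complete the pending request with the CA response. This pairs the response with
#    the private key created in step 1, so it must run on the same server.
$cert = Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "C:\certs\response.cer" -Encoding Byte -ReadCount 0))

# 4. Sanity-check key size, signature algorithm and expiry before binding services.
$x509 = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
"{0} bits, {1}, expires {2}" -f $x509.PublicKey.Key.KeySize, $x509.SignatureAlgorithm.FriendlyName, $x509.NotAfter

# 5. Bind the certificate to the services that need it (OWA/ActiveSync/EWS via IIS, SMTP TLS).
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS, SMTP

# 6. Confirm the binding: the Services column should list IIS and SMTP for the new thumbprint.
Get-ExchangeCertificate | Format-Table Thumbprint, Services, NotAfter, CertificateDomains -AutoSize
```

Step 4 is where to catch a 1024-bit key or a SHA-1 signature before the certificate goes live; step 6 is the check to repeat after the old internal-CA certificate is removed.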