Assigning services to a wildcard cert on Exchange 2010 SP3

matedwards asked
I have a new wildcard certificate installed on our Exchange 2010 server.

1) Can I just assign the services presently assigned to our old existing certificate?

2) If anything stops working, can I roll back and re-assign the services to the original certificate that is still valid?

3) There are some old posts on EE advising against wildcard certs on Exchange as it has ActiveSync issues. Is this still the case?

Any advice would be greatly appreciated.

MASEE Solution Guide - Technical Dept Head
Most Valuable Expert 2017
No problem, you can go ahead with assigning services on the wildcard cert. You can roll back if you face any issue.
Normally we recommend a UC certificate for Exchange.

If you have multiple email domains, you cannot use a wildcard; you have to use a UC certificate.
The ActiveSync chatter is probably fairly old.
Most modern smart phones can handle a wildcard certificate fine - however check with the manufacturer to be certain.

Also, per https://www.digicert.com/ssl-support/wildcard-compatibility.htm

Wildcard Compatibility Errors

Almost all servers, devices, services, and platforms work fine with wildcard certificates. However, there are a few known incompatibilities. These issues are not specific to DigiCert® certificates—they are caused by the way wildcard characters are handled.

Microsoft Office Communication Server does not accept wildcards.

Microsoft Lync Server does not accept wildcards.

Oracle Wallet Manager does not accept wildcards.

Windows Mobile 5 devices cannot use wildcards. This is not an issue in future versions.

Microsoft Outlook cannot use RPC over HTTP with a wildcard unless you change the Outlook provider to *.yourdomain.com.

Barracuda Spam Firewalls can only create a certificate with a name that matches the server name. Technically, you can work around this issue by naming your server in the *.domain.com format.

LDAPS (Lightweight Directory Access Protocol) does not support wildcards.

Active Directory does not support wildcards.

Microsoft Exchange 2007 Service Pack 1 will not work with IMAP and POP services. This is not an issue in future versions.
Keep in mind that most devices or applications accept wildcard certificates unless explicitly stated otherwise in the product's documentation.

With regard to the above Outlook issue:

1. Outlook 2010 on Windows 7: everything will work perfectly fine with no problems.

2. Outlook 2007 before SP2: Out Of Office will not work internally using RPC until you apply Service Pack 3 and latest updates.

3. Outlook 2007 SP2 with Windows 7: will work internal by RPC and from Internet by Outlook Anywhere.

4. Outlook 2007 with Windows XP: Outlook RPC internally will work fine. Outlook Anywhere will keep asking about user name and password repeatedly and will not work.
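
The switch and roll-back discussed in the answers above, as an added Exchange Management Shell example that is not part of the original thread. The thumbprints and `*.yourdomain.com` are placeholders, and the variable and function names are hypothetical.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Placeholders (assumptions): replace with the values from Get-ExchangeCertificate.
$oldThumb = '<OLD-CERT-THUMBPRINT>'
$newThumb = '<WILDCARD-CERT-THUMBPRINT>'
$wildcard = '*.yourdomain.com'

# 1. Record what the old certificate currently serves so it can be restored.
$old         = Get-ExchangeCertificate -Thumbprint $oldThumb
$oldServices = $old.Services.ToString()          # e.g. "IMAP, POP, IIS, SMTP"
$oldPrincipal = (Get-OutlookProvider -Identity EXPR).CertPrincipalName
$old | Format-List Subject, CertificateDomains, Services, NotAfter

# 2. Sanity-check the wildcard certificate before moving anything to it.
$new = Get-ExchangeCertificate -Thumbprint $newThumb
if (-not $new.HasPrivateKey)      { throw 'Wildcard cert has no private key on this server.' }
if ($new.NotAfter -lt (Get-Date)) { throw 'Wildcard cert is already expired.' }
$new | Format-List Subject, CertificateDomains, NotAfter

# 3. Assign the same services to the wildcard certificate.
#    Assigning SMTP prompts for confirmation before replacing the default SMTP cert.
Enable-ExchangeCertificate -Thumbprint $newThumb -Services $oldServices

# 4. Outlook Anywhere (RPC over HTTP): point the EXPR provider at the
#    wildcard name, as described in the DigiCert note quoted above.
Set-OutlookProvider -Identity EXPR -CertPrincipalName "msstd:$wildcard"

# 5. Verify which certificate now holds which services.
Get-ExchangeCertificate | Format-Table Thumbprint, Services, NotAfter -AutoSize

# Roll-back (hypothetical helper): re-assign the recorded services to the
# old, still-valid certificate and restore the previous Outlook provider value.
function Restore-OldCertificate {
    Enable-ExchangeCertificate -Thumbprint $oldThumb -Services $oldServices
    Set-OutlookProvider -Identity EXPR -CertPrincipalName $oldPrincipal
    Get-ExchangeCertificate | Format-Table Thumbprint, Services, NotAfter -AutoSize
}
```

Leave the old certificate installed until clients have been confirmed working against the wildcard; `Restore-OldCertificate` only works while the old certificate and its private key are still in the server's store.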


Wow..!! Quick and comprehensive answers..

many thanks guys..