FireBall


Active Directory - Exchange - Wildcard SSL

We decided to buy a wildcard SSL for *.domain.com,
but our minds get in trouble with the texts :)
Some of the websites say:


https://www.digicert.com/ssl-support/wildcard-compatibility.htm
LDAPS (Lightweight Directory Access Protocol) does not support wildcards.
Active Directory does not support wildcards.


I just want to know: should we use a wildcard SSL on all servers connected to the Active Directory server? I mean on:

Active Directory server
Exchange server
web server
SAN server
....etc.


Should I use one wildcard SSL?
Do I need to check some specific point for that?
Is there any resource that I should follow to install it on the Active Directory server?
M A

You can use a wildcard.
But for Exchange, the recommended one is a UC/SAN certificate.
Not sure about AD.
FireBall

ASKER

So it is not reliable to use one wildcard for all systems?
I mean, what is your advice: applying different certificates to servers instead of one wildcard?
A UC/SAN cert for Exchange, and maybe a wildcard for the others?
Does UC/SAN support multiple subdomains like autodiscover.domain, mail.domain, etc.?
I personally would only use a wildcard certificate if you plan to use it for multiple public-facing systems.
For example, you could use it for Exchange but also for other web servers in the same domain.
However, if you only have Exchange, I would use a SAN cert as suggested.
For internal systems only (AD, etc.) I would build an internal CA server, which is much easier to set up for those systems.
Spending extra money on a wildcard cert for use on one system isn't worth the money.

That link you referenced is outdated; other applications (like Lync) now do support wildcard certs.

Wildcard certificate support in Lync Server 2013
https://technet.microsoft.com/en-us/library/hh202161%28v=ocs.15%29.aspx?f=255&MSPPError=-2147217396

Enable LDAP over SSL - Using Wildcard Cert?
https://www.experts-exchange.com/questions/27801704/Enable-LDAP-over-SSL-Using-Wildcard-Cert.html
We have a public system, and we are using:
SharePoint
Exchange
Lync
Active Directory

Is there anything that we need to do before generating the certificate from the authority that we need to very, very specially control?
Or do we need to check for a specific feature on the wildcard SSL?
ASKER CERTIFIED SOLUTION
Seth Simmons
This solution is only available to members.
While activating the wildcard SSL it asks for cer.
Where should I get the cer for the general system on a topology like that?
Not sure what you mean.
Are you in the process of purchasing it or installing it somewhere?
We have bought it; now it asks for a CSR, but I am not sure where to create the CSR. I have never worked with wildcard SSL before.
There are many places to generate a CSR, but for a complete domain, where is the best place to generate the CSR? :)
http://prntscr.com/7coaqn

What should be the pointed places?
The CSR is generated by the application; for example, when you create a request from the Exchange console, then copy and paste the CSR.
Who are you getting the cert from?
They typically will have instructions on how to do it.
I've only used GoDaddy for a wildcard cert, though it shouldn't be too different.
who are you getting the cert from?
ssls.com

There are some options at the bottom, but I could not decide what to write in the SAN part and what to select from the bottom.
which one did you select? seems you can choose different vendors from there
this provides the documents for the various ones

Where can I find instructions on how to generate a CSR?
https://www.ssls.com/knowledgebase-article.html?article_id=665&category_id=59
thank you
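
Added example, not part of the original thread: the questions above ask whether one *.domain.com wildcard can serve every server and whether a UC/SAN certificate can list names such as autodiscover and mail. This Python sketch applies the standard single-label wildcard matching rule (RFC 6125) to a host inventory and reports which names each certificate covers. The zone domain.com is the thread's placeholder; the sharepoint, apex and dc01.corp host names are constructed for illustration.

```python
# Added example: which host names does a certificate's SAN list cover?
# Matching follows the common RFC 6125 rule: "*" is accepted only as the
# whole left-most label and stands for exactly one label.

def san_matches(pattern: str, host: str) -> bool:
    """True if one SAN dNSName entry covers the host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Wildcard replaces one label only; the rest must match exactly.
        # Patterns as broad as "*.com" are rejected.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def coverage(sans, hosts):
    """Split hosts into (covered, uncovered) for a given SAN list."""
    covered, uncovered = [], []
    for host in hosts:
        ok = any(san_matches(s, host) for s in sans)
        (covered if ok else uncovered).append(host)
    return covered, uncovered


# Constructed inventory for the placeholder zone domain.com.
HOSTS = [
    "mail.domain.com",
    "autodiscover.domain.com",
    "sharepoint.domain.com",
    "domain.com",             # zone apex: not matched by *.domain.com
    "dc01.corp.domain.com",   # two labels deep: not matched either
]

WILDCARD = ["*.domain.com"]
UC_SAN = ["mail.domain.com", "autodiscover.domain.com"]

if __name__ == "__main__":
    for name, sans in (("wildcard", WILDCARD), ("UC/SAN", UC_SAN)):
        covered, uncovered = coverage(sans, HOSTS)
        print(f"{name}: covers {covered}")
        print(f"{name}: still needs {uncovered}")
```

Names left in the uncovered list need their own SAN entry or a separate certificate, such as one from the internal CA suggested in the thread.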