Active Directory - Exchange - Wildcard SSL

We decided to buy a wildcard SSL for *.domain.com
but our minds get in trouble with texts :)
Some of the web sites tell


https://www.digicert.com/ssl-support/wildcard-compatibility.htm
LDAPS (Lightweight Directory Access Protocol) does not support wildcards.
Active Directory does not support wildcards.


I just want to know whether we should use a wildcard SSL on all servers connected to the Active Directory server, I mean on

active directory server
exchange server
web server
san server
....etc.


Should I use one wildcard SSL?
Do I need to check for some specific point for that?
Is there any resource that I should follow to install on the Active Directory server?
FireBallIT Asked:
MAS (MVE), EE Solution Guide, Commented:
You can use wild card.
But for Exchange recommended is UC/SAN certificate.
Not sure about AD
0
FireBallIT (Author) Commented:
so it is not reliable to use one wildcard for all system ?
I mean what is your advice applying different certificates to servers instead of one wildcard ?
UC/SAN cert for exchange maybe for the others wildcard ?
Does uc/san support multi subdomain like autodiscover.domain mail.domain ...etc ?
0
Seth Simmons, Sr. Systems Administrator, Commented:
i personally would only use a wildcard certificate if you plan to use for multiple public-facing systems
for example, you could use for exchange but also for other web servers in the same domain
however, if you only have exchange, i would use a SAN cert as suggested
for internal systems only (AD, etc.) i would build an internal CA server which is much easier to setup for those systems
spending extra money on a wildcard cert for use on one system isn't worth the money

that link you referenced is outdated; other applications (like lync) now do support wildcard cert

Wildcard certificate support in Lync Server 2013
https://technet.microsoft.com/en-us/library/hh202161%28v=ocs.15%29.aspx?f=255&MSPPError=-2147217396

Enable LDAP over SSL - Using Wildcard Cert?
http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_27801704.html
0
FireBallIT (Author) Commented:
we have a public system. And using
sharepoint
Exchange
Lynx
Active directory

Is there any thing that we need to do before generating certificate from the authority that we need to very very specially control  ?
0
FireBallIT (Author) Commented:
or do we need to check for specific feature on wild card ssl ?
0
Seth Simmons, Sr. Systems Administrator, Commented:
ok
in that case a wildcard cert would work for you for sharepoint, exchange and lync
not sure what you mean by special features...as long as the domain matches the public domain you are using, should be fine
i had done this at one place where we used it for exchange and customer web sites that required ssl
just added the domain name and it worked for all
0
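An added example, not part of the thread: a check of which hostnames a certificate's name list covers, using the standard rule that `*` is honoured only as the whole left-most label and stands for exactly one label. The hostnames, including the internal `dc01.corp.domain.com`, are constructed for illustration.

```python
# Added example: which hostnames does a certificate's name list cover?
# All hostnames below are constructed for illustration.

def _labels(name):
    """Lower-case a DNS name and split it into labels."""
    return name.rstrip(".").lower().split(".")

def name_matches(cert_name, hostname):
    """True if one certificate DNS name (CN or SAN entry) covers hostname."""
    pattern, host = _labels(cert_name), _labels(hostname)
    if len(pattern) != len(host):
        # A wildcard never stands for zero labels (the bare domain)
        # or for several labels (host.sub.domain.com).
        return False
    if pattern[0] == "*":
        # Require at least two fixed labels so "*.com" is rejected.
        return len(pattern) > 2 and pattern[1:] == host[1:]
    if "*" in cert_name:
        # Partial or non-left-most wildcards are not honoured here.
        return False
    return pattern == host

def uncovered(cert_names, hostnames):
    """Hostnames that no name in the certificate covers."""
    return [h for h in hostnames
            if not any(name_matches(c, h) for c in cert_names)]

# Constructed hostnames for the services named in the thread.
HOSTS = [
    "mail.domain.com",
    "autodiscover.domain.com",
    "sharepoint.domain.com",
    "lync.domain.com",
    "domain.com",               # bare domain
    "dc01.corp.domain.com",     # assumed internal AD host, two levels deep
]

if __name__ == "__main__":
    print("wildcard only:", uncovered(["*.domain.com"], HOSTS))
    print("wildcard + bare domain SAN:",
          uncovered(["*.domain.com", "domain.com"], HOSTS))
```

Names that come back uncovered need their own SAN entry or a separate certificate.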

FireBallIT (Author) Commented:
while activating Wildcard SSL it asks for cer.
Where should i get the cer for the general system on a topology like that ?
0
Seth Simmons, Sr. Systems Administrator, Commented:
not sure what you mean
are you in the process of purchasing it or installing it somewhere?
0
FireBallIT (Author) Commented:
we have bought now it asked for CSR but i am not sure where to create CSR, i never worked with wildcard ssl before.
There are many places to generate CSR but for a complete domain where is the best place to generate CSR :)
0
FireBallIT (Author) Commented:
http://prntscr.com/7coaqn

what should be the pointed places
0
Seth Simmons, Sr. Systems Administrator, Commented:
csr is generated by the application; for example when you create a request from the exchange console then copy and paste the csr
who are you getting the cert from?
they typically will have instructions on how to do it
i've only used godaddy for wildcard cert though shouldn't be too different
0
FireBallIT (Author) Commented:
who are you getting the cert from?
ssls.com

there are some options at the bottom but could not decide what to write to san part and select from bottom
0
Seth Simmons, Sr. Systems Administrator, Commented:
which one did you select? seems you can choose different vendors from there
this provides the documents for the various ones

Where can I find instructions on how to generate a CSR?
https://www.ssls.com/knowledgebase-article.html?article_id=665&category_id=59
0
FireBallIT (Author) Commented:
thank you
0