Active Directory - Exchange - Wildcard SSL

We decided to buy a wildcard SSL for *.domain.com,
but we got confused by what we read :)
Some of the websites say:


https://www.digicert.com/ssl-support/wildcard-compatibility.htm
LDAPS (Lightweight Directory Access Protocol) does not support wildcards.
Active Directory does not support wildcards.


I just want to know whether we should use a wildcard SSL on all servers connected to the Active Directory server, I mean on:

active directory server
exchange server
web server
san server
....etc.


Should I use one wildcard SSL?
Do I need to check some specific point for that?
Is there any resource that I should follow to install it on the Active Directory server?
Asked by: FireBallIT

MASEE Solution Guide - Technical Dept Head Commented:
You can use a wildcard.
But for Exchange, a UC/SAN certificate is recommended.
Not sure about AD.
FireBallIT (Author) Commented:
So it is not reliable to use one wildcard for all systems?
I mean, what is your advice on applying different certificates to servers instead of one wildcard?
A UC/SAN cert for Exchange, and maybe a wildcard for the others?
Does UC/SAN support multiple subdomains like autodiscover.domain, mail.domain, etc.?
Seth Simmons (Sr. Systems Administrator) Commented:
i personally would only use a wildcard certificate if you plan to use it for multiple public-facing systems
for example, you could use it for exchange but also for other web servers in the same domain
however, if you only have exchange, i would use a SAN cert as suggested
for internal systems only (AD, etc.) i would build an internal CA server, which is much easier to set up for those systems
spending extra money on a wildcard cert for use on one system isn't worth the money

that link you referenced is outdated; other applications (like lync) now do support wildcard certs

Wildcard certificate support in Lync Server 2013
https://technet.microsoft.com/en-us/library/hh202161%28v=ocs.15%29.aspx?f=255&MSPPError=-2147217396

Enable LDAP over SSL - Using Wildcard Cert?
http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_27801704.html

FireBallIT (Author) Commented:
We have a public system, and are using:
SharePoint
Exchange
Lync
Active Directory

Is there anything that we need to do before generating the certificate from the authority, anything that we need to check very, very carefully?
FireBallIT (Author) Commented:
Or do we need to check for a specific feature on the wildcard SSL?
Seth Simmons (Sr. Systems Administrator) Commented:
ok
in that case a wildcard cert would work for you for sharepoint, exchange and lync
not sure what you mean by special features...as long as the domain matches the public domain you are using, should be fine
i had done this at one place where we used it for exchange and customer web sites that required ssl
just added the domain name and it worked for all
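
The name-matching rule behind the wildcard versus UC/SAN choice discussed in this thread, as an added example that is not part of the original posts: a wildcard stands for exactly one left-most label, so it covers neither the bare domain nor deeper subdomains. The hostnames are constructed placeholders under the thread's domain.com, and `name_matches`, `coverage` and `uncovered` are hypothetical helper names.

```python
# Added example: which hostnames does a certificate's name list cover?
# Every hostname below is a constructed placeholder for illustration.

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is accepted only as the whole left-most
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (no '*.com').
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def coverage(cert_names, hosts):
    """Map each host to the first certificate name that covers it, or None."""
    return {
        host: next((n for n in cert_names if name_matches(n, host)), None)
        for host in hosts
    }

# Constructed inventory modelled on the services named in the thread.
HOSTS = [
    "mail.domain.com",
    "autodiscover.domain.com",
    "sharepoint.domain.com",
    "lync.domain.com",
    "domain.com",            # bare apex: not matched by *.domain.com
    "dc1.corp.domain.com",   # two labels below the wildcard's base
]

WILDCARD_ONLY = ["*.domain.com"]
UC_SAN = ["mail.domain.com", "autodiscover.domain.com"]
WILDCARD_PLUS_APEX = ["*.domain.com", "domain.com"]

def uncovered(cert_names, hosts=HOSTS):
    """Hosts that would fail name validation against this certificate."""
    return [h for h, n in coverage(cert_names, hosts).items() if n is None]

if __name__ == "__main__":
    for label, names in [("wildcard", WILDCARD_ONLY), ("UC/SAN", UC_SAN),
                         ("wildcard + apex", WILDCARD_PLUS_APEX)]:
        print(f"{label:16} uncovered: {uncovered(names)}")
```

Running the same check against the real list of service names before submitting a CSR shows whether a single wildcard is enough or whether extra SAN entries or a separate certificate are needed.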

FireBallIT (Author) Commented:
While activating the wildcard SSL it asks for a cer.
Where should I get the cer for the general system on a topology like that?
Seth Simmons (Sr. Systems Administrator) Commented:
not sure what you mean
are you in the process of purchasing it or installing it somewhere?
FireBallIT (Author) Commented:
We have bought it now. It asked for a CSR, but I am not sure where to create the CSR; I have never worked with wildcard SSL before.
There are many places to generate a CSR, but for a complete domain, where is the best place to generate the CSR? :)
FireBallIT (Author) Commented:
http://prntscr.com/7coaqn

What should be in the places pointed out?
Seth Simmons (Sr. Systems Administrator) Commented:
csr is generated by the application; for example, when you create a request from the exchange console, then copy and paste the csr
who are you getting the cert from?
they typically will have instructions on how to do it
i've only used godaddy for a wildcard cert, though it shouldn't be too different
FireBallIT (Author) Commented:
who are you getting the cert from?
ssls.com

There are some options at the bottom, but I could not decide what to write in the SAN part and what to select at the bottom.
Seth Simmons (Sr. Systems Administrator) Commented:
which one did you select? seems you can choose different vendors from there
this provides the documents for the various ones

Where can I find instructions on how to generate a CSR?
https://www.ssls.com/knowledgebase-article.html?article_id=665&category_id=59
FireBallIT (Author) Commented:
Thank you