FireBall
asked on
Active Directory - Exchange - Wildcard SSL
We decided to buy a wildcard SSL for *.domain.com
but our minds get in trouble with texts :)
Some of the web sites say:
https://www.digicert.com/ssl-support/wildcard-compatibility.htm
LDAPS (Lightweight Directory Access Protocol) does not support wildcards.
Active Directory does not support wildcards.
I just want to know: should we use a wildcard SSL on all servers connected to the Active Directory server? I mean on
Active Directory server
Exchange server
web server
SAN server
etc.
Should I use one wildcard SSL?
Do I need to check for some specific point for that?
Is there any resource that I should follow to install on the Active Directory server?
ASKER
So it is not reliable to use one wildcard for all systems?
I mean, what is your advice on applying different certificates to servers instead of one wildcard?
UC/SAN cert for Exchange, maybe wildcard for the others?
Does UC/SAN support multiple subdomains like autodiscover.domain, mail.domain, etc.?
i personally would only use a wildcard certificate if you plan to use it for multiple public-facing systems
for example, you could use it for Exchange but also for other web servers in the same domain
however, if you only have Exchange, i would use a SAN cert as suggested
for internal systems only (AD, etc.) i would build an internal CA server, which is much easier to set up for those systems
spending extra money on a wildcard cert for use on one system isn't worth the money
that link you referenced is outdated; other applications (like Lync) now do support wildcard certs
Wildcard certificate support in Lync Server 2013
https://technet.microsoft.com/en-us/library/hh202161%28v=ocs.15%29.aspx?f=255&MSPPError=-2147217396
Enable LDAP over SSL - Using Wildcard Cert?
https://www.experts-exchange.com/questions/27801704/Enable-LDAP-over-SSL-Using-Wildcard-Cert.html
ASKER
We have a public system, and are using
SharePoint
Exchange
Lync
Active Directory
Is there anything that we need to do before generating the certificate from the authority that we need to very, very specially control?
ASKER
Or do we need to check for a specific feature on the wildcard SSL?
ASKER
While activating the wildcard SSL it asks for cer.
Where should I get the cer for the general system on a topology like that?
not sure what you mean
are you in the process of purchasing it or installing it somewhere?
ASKER
We have bought it and now it asked for a CSR, but I am not sure where to create the CSR; I have never worked with wildcard SSL before.
There are many places to generate a CSR, but for a complete domain, where is the best place to generate the CSR? :)
ASKER
the CSR is generated by the application; for example, when you create a request from the Exchange console, then copy and paste the CSR
who are you getting the cert from?
they typically will have instructions on how to do it
i've only used GoDaddy for a wildcard cert, though it shouldn't be too different
ASKER
who are you getting the cert from?
ssls.com
There are some options at the bottom, but I could not decide what to write in the SAN part and what to select from the bottom.
which one did you select? seems you can choose different vendors from there
this provides the documents for the various ones
Where can I find instructions on how to generate a CSR?
https://www.ssls.com/knowledgebase-article.html?article_id=665&category_id=59
ASKER
thank you
But for Exchange, a UC/SAN certificate is recommended.
Not sure about AD
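
Added example (not part of the thread and not any vendor's code): a check of which host names a wildcard entry and a UC/SAN list actually cover, using the matching rule TLS clients apply, where `*` stands for exactly one left-most label. The host inventory is constructed; only the mail and autodiscover names are modelled on the thread, and the apex site and the domain controller in a child DNS zone are assumptions.

```python
"""Which host names does a certificate's SAN list cover? (added example)"""

def name_matches(pattern, host):
    """True if certificate dNSName `pattern` covers `host`.

    '*' is accepted only as the whole left-most label and stands for
    exactly one label (RFC 6125, section 6.4.3).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # '*' never spans a dot or matches nothing
    if p[0] == "*":
        # Simplification: require two fixed labels, so "*.com" is refused.
        return len(p) > 2 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    return "*" not in pattern and p == h   # no partial wildcards like "m*"


def uncovered(san_list, hosts):
    """Hosts that no entry in the SAN list covers."""
    return [h for h in hosts if not any(name_matches(s, h) for s in san_list)]


# Constructed inventory: the first two names are modelled on the thread,
# the rest are assumptions (an apex site and a DC in a child DNS zone).
HOSTS = [
    "mail.domain.com",
    "autodiscover.domain.com",
    "sharepoint.domain.com",
    "domain.com",
    "dc01.corp.domain.com",
]

CANDIDATES = {
    "wildcard only": ["*.domain.com"],
    "wildcard + apex": ["*.domain.com", "domain.com"],
    "UC/SAN for Exchange": ["mail.domain.com", "autodiscover.domain.com"],
}

if __name__ == "__main__":
    for label, sans in CANDIDATES.items():
        print(f"{label:22} misses: {uncovered(sans, HOSTS) or 'nothing'}")
```

A name reported as missed needs its own SAN entry or a separate certificate, for example one from an internal CA as suggested earlier in the thread.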