asked on

Do I need UCC Certificate?

I'm trying to understand when I need to purchase a UCC certificate. From my understanding so far, I only need UCC certificate only if I need to secure multiple domains correct? What if I need certificate for an Exchange server and also for RDP access? For example, mail.domain.com and remote.domain.com. This is still one domain but multiple sub-domain if I am correct. Pls advise, thanks.

ITguy565

Multi-domain SSL Certificates are certificates that secure multiple domains and multiple hostnames within a domain. They are commonly referred to as Unified Communications Certificates (UCC). UC Certificates are ideal for Microsoft® Exchange Server 2007, Exchange Server 2010, and Microsoft Live® Communications Server because they allow you to secure a primary domain, and up to 99 additional Subject Alternative Names (SAN), in a single UC Certificate.

UCC certs allow you to use a single ssl certificate in a shared host environment so they are also ideal in situations where the number of ip addresses are limited such as in a cloud presence (for example Amazon EC2 or Rackspace cloud). For instance, if you have 10 sites with differing domains or host names, and only one ip address to use among them and you want them to have ssl digital certificate protection, then a multi domain ucc ssl certificate is ideal for this situation.

In a shared hosting environment, the UC Certificate "Issued To" will only list the primary domain (but the site seal can list the remaining domains in the SAN). Please be aware that any other or secondary domains will be listed in the UCC SSL certificate as well. If you do not want domains or sites to appear related to each other via the ssl certificate details, then this is something that you should factor in when ordering a multi domain ssl certificate.

http://info.ssl.com/article.aspx?id=12157

Jeff Glover

A UCC certificate can secure multiple domains, multiple host names in a domain or a combination of both. In theory, in your case above, you could use a Wildcard certificate but it will cost more and in my experience, may give you troubles with Exchange if you are trying to use other services in your domain like Skype for Business

Exchange works better with a SAN certificate since you normally have multiple hostnames on the certificate. (mail, autodiscover, etc....)

btan

As the expert mentioned, it is for multiple domain. The specific is any number of different domain names can be included in the SAN field of the certificate enabling the certificate to work on any of the included domain names. For example, you could get one UC SSL Certificate to cover all of the following:

mydomain.com
mail.mydomain.com
autodiscover.mydomain.com
anotherdomain.com

Normally most opt for UCC as it can provide significant cost savings in many situations. For e.g. for certain features in Microsoft's Exchange Server, Office Communications Server, and Live Communications Server.

Likewise for the remote gateway use case, you could have a UCC Cert like this:

Main Domain: remote.mypublicdomain.com
Secondarys: remote.mydomain.local
rdsh11.mydomain.local
rdsh12.mydomain.local
rdsh13.mydomain.local

Operationally to track and renew the certificate will also be more streamline.

SOLUTION