It's not recommended because it doesn't work on some phones. If all our phones support wildcard certs, it's just fine.
I've got lots of clients installed with wildcard certs. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -----Original Message----- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, August 05, 2011 1:10 PM To: MS-Exchange Admin Issues Subject: Re: transition from exchange 2003 to 2010 OK! That's good to know. We'll be switching from E2k3 to E2010 in the near future. Kinda sucks that our expensive wildcard cert won't be useful. Kurt On Fri, Aug 5, 2011 at 07:55, KevinM <kev...@wlkmmas.org> wrote: > Technically you need to have the names on the cert to make things work > correctly. You can kind of make it work with a wild card but it is not very > pretty, and not recommended.. > > -----Original Message----- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Sent: Friday, August 05, 2011 7:52 AM > To: MS-Exchange Admin Issues > Subject: Re: transition from exchange 2003 to 2010 > > So, why go with a SAN cert instead of a wildcard cert? Is it just price, or > is there a technical advantage? > > On Fri, Aug 5, 2011 at 07:45, Paul Hutchings <paul.hutchi...@mira.co.uk> > wrote: >> >> Just done this, fun aint it J We got a single SAN/UCC cert for domain.com, >> mail.domain.com, legacy.domain.com and autodiscover.domain.com. >> >> >> >> We put it on the CAS and the 2003 FE, not the 2003 BE (and of course our >> reverse proxy for SSL inspection). >> >> >> >> This is what I have in my notes for KB937031: >> >> >> >> Steps to enable Integrated Windows Authentication after you install >> hotfix 937031 on the Exchange 2003 back-end server >> >> To work around this problem, turn on Integrated Windows Authentication. To >> do this, follow these steps: >> >> Start Exchange System Manager. >> >> Expand Administrative Groups, expand Administrative_Group_Name, and then >> expand Servers. >> >> Expand Your_Server_Name, expand Protocols, and then expand HTTP. >> >> Expand Exchange Virtual Server, right-click Microsoft-Server-ActiveSync, and >> then click Properties. >> >> Click the Access tab, and then click Authentication. >> >> Click to select the Integrated Windows Authentication check box. >> >> Click OK two times. To verify that this successfully replicated to the >> metabase on the Exchange server, follow these steps: >> >> Open the Internet Information Services (IIS) Manager under Administrative >> Tools. >> >> Expand the Computer, expand Web Sites, and then expand Default Web Site. >> >> Right-click Microsoft-Server-ActiveSync, and then click Properties. >> >> Click the Directory Security tab, and then select the Edit button under >> Authentication and access control. >> >> Verify that the Integrated Windows Authentication check box is selected. >> >> >> >> Note If this check box is selected, you have successfully replicated the >> change that was made in the Exchange System Manager to the metabase on the >> Exchange server. >> >> Click Cancel two times, and then exit Internet Information Services (IIS) >> Manager. You can now test synching with your mobile device. >> >> From: Jason Benway [mailto:benw...@jsjcorp.com] >> >> Sent: 05 August 2011 15:35 >> To: MS-Exchange Admin Issues >> Subject: transition from exchange 2003 to 2010 >> >> >> >> I’ve been doing A LOT of reading. One thing I haven’t been able to find is >> where the new cert needs to be installed. >> >> >> >> I’m assuming its on the CAS, exchange 2003 FE and exchange 2003 mbx servers? >> >> >> >> Should I also put the internal names on the SAN cert? or just the external >> DNS names? >> >> >> >> What about the hotfix kb937031 does that go on all exchange 2003 servers? Or >> just the FE? >> >> >> >> Thanks,jb >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe exchangelist >> >> ________________________________ >> MIRA Ltd >> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England Registered >> in England and Wales No. 402570 VAT Registration GB 100 1464 84 The >> contents of this e-mail are confidential and are solely for the use of the >> intended recipient. If you receive this e-mail in error, please delete it >> and notify us either by e-mail, telephone or fax. You should not copy, >> forward or otherwise disclose the content of the e-mail as this is >> prohibited. >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe exchangelist > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist > > > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
