Because there are multiple services, each with a different possible DNS name, there are three strategies
to handle this. First, generate multiple certificates, one for each URL. The second is to use a certificate
with Subject Alternate Names (SANs), which allow a list of DNS names. This is also referred to as a
Unified Communication certificate. The third is a wildcard certificate, which works for any DNS name in
a domain. Not all clients work with SAN or wildcard certificates and may not function correctly. The
following table discusses the pros and cons of the different certificate types:
Certificate
Type Benefit Drawback Example
Multiple
Single
Certificates
Very flexible No
compatibility
issues
May not be cost
effective if there are
many DNS names.
More certificates to
manage.
Webmail.exchangeexchange.com
Subject
Alternate
Names
Can use one
certificate to
cover multiple
DNS names
Possible compatibility
issues
Autodiscover
.exchangeexchange.com,
Webmail.exchangeexchange.com
Wildcard Can be most
cost effective
Likely compatibility
issues. In particular,
mobile devices may
not understand the
wildcard certificate.
*.exchangeexchange.com
The request process is different than certificate requests for other applications. If the correct process is
not followed, the resulting certificate may not be valid.
Pages:
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269