Communication protection: Exchange / Lync

Solutions for Microsoft developers, partners and resellers


For the protection of the Microsoft Exchange environment, Microsoft requires special certificates which cover several domains at the same time. The Multi-Domain certificates represent the perfect solution here. For newer Exchange versions (post-2010), you can also make use of the more favourably priced Wildcard certificates on a restricted basis.

If you install a UCC/SAN environment with MS Exchange there is always the question if you could choose for a (cheaper) wildcard certificate or if you opt for a (more expensive) Multidomain certificate. In earlier times CAs offered a special UCC/SAN certificate which allowed also internal domain names or even internal IP addresses. This type of certificate is no longer allowed.

Generally we recommend SSL Multidomain certificates for Microsoft UCC/SAN environments. Starting with Microsoft Exchange 2010 also wildcard certificates are allowed. They are also defined in Microsoft Technet. But please note that these certificates can not be used in older (<= 2007) versions or in combination with older mobile phones like Windows Mobile 5.0.

This web page gives you some good hints for the usage of wildcard certificates. Concerning Lync you will find good hints here and in special concerning the usage of wildcard certificates here.

SwissSign products if you run a Microsoft Exchange environment