SSL Certificates for different situations

I shared this in the office this week to try and breakdown what SSL Certificates we choose, for which application/situation. Maybe it will help you too.


Cert Type

How Expensive?


Standard SSL


For one off, named URL’s such as Website SSL, Exchange 2003 Webmail, SBS 2003, SharePoint HTTPS sites

Wildcard Certificate


If a customer has a number of URLs to protect with the same suffix (* and UCC/SAN isn’t required – i.e. this is not a solution for Exchange 2007/2010 and OCS/Lync)

UCC/SAN Certificate


If a customer has OCS/LYNC or is using Exchange 2007/2010 and plans to use ‘autodiscover’ services (automatic connectivity setup for Outlook, ActiveSync, etc.), we need to use a UCC/SAN Certificate. This would also apply to SBS 2008/2011 installations that will be Internet facing and the customer doesn’t want to (or can’t reliably) distribute the SBS client software to distribute the localized CA root trusted cert. Best practice, if the customer will allow the budget, is to get a proper UCC/SAN Cert for Exchange 2007, 2010 and SBS 2008/2011



All of the above expire at least annually so be sure to keep track of their expiry dates before your users tell you the site is not responding properly 😉