SSL Certificates for different situations

I shared this in the office this week to try and breakdown what SSL Certificates we choose, for which application/situation. Maybe it will help you too.

 

Cert Type

How Expensive?

Notes

Standard SSL

$

For one off, named URL’s such as portal.somewhere.com. Website SSL, Exchange 2003 Webmail, SBS 2003, SharePoint HTTPS sites

Wildcard Certificate

$$$

If a customer has a number of URLs to protect with the same suffix (*.somewhere.com) and UCC/SAN isn’t required – i.e. this is not a solution for Exchange 2007/2010 and OCS/Lync)

UCC/SAN Certificate

$$

If a customer has OCS/LYNC or is using Exchange 2007/2010 and plans to use ‘autodiscover’ services (automatic connectivity setup for Outlook, ActiveSync, etc.), we need to use a UCC/SAN Certificate. This would also apply to SBS 2008/2011 installations that will be Internet facing and the customer doesn’t want to (or can’t reliably) distribute the SBS client software to distribute the localized CA root trusted cert. Best practice, if the customer will allow the budget, is to get a proper UCC/SAN Cert for Exchange 2007, 2010 and SBS 2008/2011

 

 

All of the above expire at least annually so be sure to keep track of their expiry dates before your users tell you the site is not responding properly 😉