We have Exchange 2013 CU6, Currently we are using SAN certificate. Management purchased wildcard certificate. We want to replace the certificate with wildcard. Please advice the pros and cons with this. And also the detailed steps to change the certificate.

Hi,

from the Exchange 2013 view it does not matter if you used a Wildcard certificate or a host-based certificate that includes the required Server names. See also https://technet.microsoft.com/en-us/library/dd351044%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

On the other Hand you Need to handle the common issues of a certificate that is not assigned to your companies host names http://unmitigatedrisk.com/?p=127

So it mostly depends on your SSL requirement - if you are planning to use it just for encryption, it does not matter which type you choose. If you want to ensure your host is authenticated there is a high risk of getting compromized, so your users send data to people you do not want.

Regards,
Martin

Hi,

Certificate need to be enabled on Exchange services. There are:

1. SMTP, POP, Imap (Can enable multiple certificates)

2. IIS (Can only bind with one certificate)

Thanks,