Other Certificate Limitations with Exchange/OCS/WM

This is turning out to be SSL certificate week here at TheEssentialExchange.... not planned that way, just the interesting items that are crossing my computer. Yesterday, I wrote ISA 2006 and SAN/UC Certificates describing how ISA 2006 requires careful configuration in order to properly use a SAN/UC certificate.

Today, three more items you need to be aware of:

1) Windows Mobile (any version) does not support wildcard certificates

2) Outlook Anywhere (and RPC/HTTP for Exchange 2003) does not support wildcard certificates

3) UM requires that the machine name of the UM server be the first SAN (or only, for a singly named certificate) in the certificate

Lee Mackey, a fellow Exchange MVP, recently wrote: certs in exchange are like gouging your eye out with a spoon!

I echo his sentiment. That being said, there is no question that the product team understands that certificates are "too hard" right now in both Exchange Server 2007 and in OCS 2007. We'll just have to wait and see what they come up with to deal with this, in the future...

Until next time...

As always, if there are items you would like me to talk about, please drop me a line and let me know!

Edited, May 10, 2008:

Wow, this brought a number of folks out of the woodwork to tell me how wrong I am!

1) Windows Mobile, as of version 6.x, DOES support wildcard certificates!

2) OA supports wildcard certificates if, in the MSSTD entry, you specify "*.example.com" INSTEAD of a specific hostname, such as "mail.example.com". Now, isn't THAT obvious? NOT!

3) No change to the UM requirement...

Thanks to my readers (and a Microsoft employee for item (2))...

Michael B.

Published Thursday, May 08, 2008 6:02 AM by michael
Filed under: ,


Friday, May 09, 2008 11:37 AM by subject: exchange

# Weekend reading

How to set the default client language to be used in Outlook Web Access Distribution groups marked as

Friday, May 09, 2008 4:54 PM by (e)Mail Insecurity

# A certificate roundup

A certificate roundup

Thursday, July 10, 2008 3:17 PM by outlook anywhere ssl certificate

# outlook anywhere ssl certificate

Pingback from  outlook anywhere ssl certificate

Friday, October 31, 2008 8:59 PM by dmzfirewall.com » Blog Archive » A certificate roundup

# dmzfirewall.com » Blog Archive » A certificate roundup

Pingback from  dmzfirewall.com  » Blog Archive   » A certificate roundup