Other Certificate Limitations with Exchange/OCS/WM

This is turning out to be SSL certificate week here at TheEssentialExchange... not planned that way, just the interesting items that are crossing my computer. Yesterday, I wrote "ISA 2006 and SAN/UC Certificates", describing how ISA 2006 requires careful configuration in order to properly use a SAN/UC certificate.

Today, three more items you need to be aware of:

1) Windows Mobile (any version) does not support wildcard certificates

2) Outlook Anywhere (and RPC/HTTP for Exchange 2003) does not support wildcard certificates

3) UM requires that the machine name of the UM server be the first SAN (or only, for a singly named certificate) in the certificate

Lee Mackey, a fellow Exchange MVP, recently wrote: "certs in Exchange are like gouging your eye out with a spoon!"

I echo his sentiment. That being said, there is no question that the product team understands that certificates are "too hard" right now in both Exchange Server 2007 and in OCS 2007. We'll just have to wait and see what they come up with to deal with this, in the future...

Edited, May 10, 2008:

Wow, this brought a number of folks out of the woodwork to tell me how wrong I am!

1) Windows Mobile, as of version 6.x, DOES support wildcard certificates!

2) OA supports wildcard certificates if, in the MSSTD entry, you specify "*.example.com" INSTEAD of a specific hostname, such as "mail.example.com". Now, isn't THAT obvious? NOT!

3) No change to the UM requirement...

Thanks to my readers (and a Microsoft employee for item (2))...
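
The three rules, as corrected in the edit above, written as a pre-deployment check on a certificate's name list. This is an added example, not code from the original post: the function names and host names are constructed, and the names are passed in as a list (subject name, or SAN entries in certificate order) rather than read from a certificate file.

```python
def covered_by(host, wildcard):
    """True when wildcard ('*.example.com') matches host by standing in
    for exactly one leftmost label."""
    label, _, parent = host.partition(".")
    return bool(label) and label != "*" and parent == wildcard[2:]

def check_cert_names(names, um_server=None, msstd=None, wm_major=None):
    """names: the single subject name, or the SAN entries in order.
    um_server: machine name of the UM server, if UM uses this certificate.
    msstd: Outlook Anywhere msstd entry, if OA uses this certificate.
    wm_major: major version of the oldest Windows Mobile device, if any.
    Returns a list of problems; empty means none of the rules is broken."""
    names = [n.strip().lower() for n in names]
    if not names:
        raise ValueError("certificate has no names")
    wildcards = [n for n in names if n.startswith("*.")]
    problems = []

    # Rule 1: Windows Mobile supports wildcard certificates as of 6.x.
    if wildcards and wm_major is not None and wm_major < 6:
        problems.append("WM: wildcard name %s needs Windows Mobile 6.x"
                        % wildcards[0])

    # Rule 2: with a wildcard certificate, the msstd entry must be the
    # wildcard itself, not a host name the wildcard merely covers.
    if msstd is not None:
        principal = msstd.strip().lower()
        if principal.startswith("msstd:"):
            principal = principal[len("msstd:"):]
        hits = [w for w in wildcards if covered_by(principal, w)]
        if principal not in names and hits:
            problems.append("OA: set msstd to %s instead of %s"
                            % (hits[0], principal))

    # Rule 3: the UM server's machine name must be the first (or only) name.
    if um_server is not None and names[0] != um_server.strip().lower():
        problems.append("UM: %s must be the first name, found %s"
                        % (um_server, names[0]))
    return problems

# Constructed sample name lists.
WILDCARD = ["*.example.com"]
SAN = ["mail.example.com", "autodiscover.example.com", "um01.example.com"]

if __name__ == "__main__":
    print(check_cert_names(WILDCARD, msstd="msstd:mail.example.com", wm_major=5))
    print(check_cert_names(SAN, um_server="um01.example.com"))
```
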

