Petri IT Knowledgebase has published my article on the merits of choosing commercial SSL certificates over self-signed or privately issued ones for Exchange Server 2010.

The business case is clear for purchasing SSL SAN certificates from a genuine commercial certificate authority to use with Exchange Server 2007 and 2010. For an outlay of as little as a few hundred dollars the business receives the benefits of:

  • Far less administrative effort to implement and maintain SSL for Exchange services
  • Compatibility with devices and applications that require connection to Exchange services over SSL
  • Access to Exchange services such as Outlook Web App for remote workers without undermining the security of the network or encouraging insecure behavior by users

Read the full article here.

I frequently encounter customers who request to (in some cases demand to) or have already deployed Exchange Server 2010 with a self-signed or a privately issued certificate.  In 2007 it was possible though cumbersome and frustrating.  In Exchange 2010 it is possible in some scenarios, equally frustrating, and in a few cases seems to be impossible to achieve 100% seamless integration and trust even for domain members (notably Exchange 2010 with Outlook 2010).

Any perceived cost savings by avoiding commercial certificates are a false economy. You spend far more on consultant and administrator effort to implement and maintain the environment with non-commercial certificates.

I generally recommend Digicert’s Unified Communications certificate for Exchange Server 2010 deployments, as I find them easy to deal with and good value.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for


Leave a Reply