To make my lab look very much like a production environment, I decided to buy a SSL certificate for my Exchange/ISA/TMG lab from a public CA. Which one should I choose? I didn’t care much about which one that was most secure, I only wanted it to work and as cheap as possible of 3 years.

There are many suppliers out there and prices ranging from $27 to $3000+, but for me, I wanted to cheapest possible – otherwise I could just issue a certificate from my own internal CA. So what were my requirements:

  • CA should be trusted by the following OS: Windows XP, Vista, 7
  • CA should be trusted by the following mobile phone OS: Windows Mobile (HTC, Sony Ericsson etc), Symbian (Nokia etc) and Sony Ericssons own OS (T700, W910i etc), iPhone
  • Should support 1 SAN (subdomain). Except for the CN (Common Name) owa.sysadminlab.net, I also wanted an additional SAN autodiscover.sysadminlab.net
  • I did lookup the price for a wildcard certificate for one domain and one server, just for my own interest
  • Valid for 3 years

So, after some investigation, I found the following comparison table. Please note that your are often only allowed to use the certificate on 1 (one) server.

Disclaimer: Prices are from April 2010 so by the time you read this article, they might have changed. Also, I could have made a mistake because comparing prices on SSL certificates is a jungle!

Supplier Price
1 SAN
Product name
1 SAN
Price
Wildcard
Product name
Wildcard
Entrust.net $522 Advantage SSL Certificate N/A Not available from Entrust
Equifax $1498 True BusinessID Multi-Domain with 5 domain names $2488 True BusinessID Wildcard
GlobalSign $613 UC Certificate $2089 Wildcard SSL
Thawte $1149 SSL Web Server Certificates N/A Contact sales
Verisign $1844 Secure Site N/A Contact sales

Please note that Globalsign’s offer is based on that you use owa, autodiscover, mail as names. If you want to choose your own SAN, it will cost $857.

Equifax is now Geotrust which then was bought by VeriSign which also owns Thawte.

I’d wish GoDaddy would get their CA certificate installed on more devices. They charge only $216 for a 3-year with up to 5 domains and $540 for a wildcard certificate.

What are your thoughts and experiences on SSL certificates on Exchange?