To make my lab look very much like a production environment, I decided to buy a SSL certificate for my Exchange/ISA/TMG lab from a public CA. Which one should I choose? I didn’t care much about which one that was most secure, I only wanted it to work and as cheap as possible of 3 years.
There are many suppliers out there and prices ranging from $27 to $3000+, but for me, I wanted to cheapest possible – otherwise I could just issue a certificate from my own internal CA. So what were my requirements:
- CA should be trusted by the following OS: Windows XP, Vista, 7
- CA should be trusted by the following mobile phone OS: Windows Mobile (HTC, Sony Ericsson etc), Symbian (Nokia etc) and Sony Ericssons own OS (T700, W910i etc), iPhone
- Should support 1 SAN (subdomain). Except for the CN (Common Name) owa.sysadminlab.net, I also wanted an additional SAN autodiscover.sysadminlab.net
- I did lookup the price for a wildcard certificate for one domain and one server, just for my own interest
- Valid for 3 years
So, after some investigation, I found the following comparison table. Please note that your are often only allowed to use the certificate on 1 (one) server.
Disclaimer: Prices are from April 2010 so by the time you read this article, they might have changed. Also, I could have made a mistake because comparing prices on SSL certificates is a jungle!
Supplier | Price 1 SAN |
Product name 1 SAN |
Price Wildcard |
Product name Wildcard |
Entrust.net | $522 | Advantage SSL Certificate | N/A | Not available from Entrust |
Equifax | $1498 | True BusinessID Multi-Domain with 5 domain names | $2488 | True BusinessID Wildcard |
GlobalSign | $613 | UC Certificate | $2089 | Wildcard SSL |
Thawte | $1149 | SSL Web Server Certificates | N/A | Contact sales |
Verisign | $1844 | Secure Site | N/A | Contact sales |
Please note that Globalsign’s offer is based on that you use owa, autodiscover, mail as names. If you want to choose your own SAN, it will cost $857.
Equifax is now Geotrust which then was bought by VeriSign which also owns Thawte.
I’d wish GoDaddy would get their CA certificate installed on more devices. They charge only $216 for a 3-year with up to 5 domains and $540 for a wildcard certificate.
What are your thoughts and experiences on SSL certificates on Exchange?