To make my lab look very much like a production environment, I decided to buy a SSL certificate for my Exchange/ISA/TMG lab from a public CA. Which one should I choose? I didn’t care much about which one that was most secure, I only wanted it to work and as cheap as possible of 3 years.
There are many suppliers out there and prices ranging from $27 to $3000+, but for me, I wanted to cheapest possible – otherwise I could just issue a certificate from my own internal CA. So what were my requirements:
- CA should be trusted by the following OS: Windows XP, Vista, 7
- CA should be trusted by the following mobile phone OS: Windows Mobile (HTC, Sony Ericsson etc), Symbian (Nokia etc) and Sony Ericssons own OS (T700, W910i etc), iPhone
- Should support 1 SAN (subdomain). Except for the CN (Common Name) owa.sysadminlab.net, I also wanted an additional SAN autodiscover.sysadminlab.net
- I did lookup the price for a wildcard certificate for one domain and one server, just for my own interest
- Valid for 3 years
So, after some investigation, I found the following comparison table. Please note that your are often only allowed to use the certificate on 1 (one) server.
Disclaimer: Prices are from April 2010 so by the time you read this article, they might have changed. Also, I could have made a mistake because comparing prices on SSL certificates is a jungle!
|Entrust.net||$522||Advantage SSL Certificate||N/A||Not available from Entrust|
|Equifax||$1498||True BusinessID Multi-Domain with 5 domain names||$2488||True BusinessID Wildcard|
|GlobalSign||$613||UC Certificate||$2089||Wildcard SSL|
|Thawte||$1149||SSL Web Server Certificates||N/A||Contact sales|
|Verisign||$1844||Secure Site||N/A||Contact sales|
Please note that Globalsign’s offer is based on that you use owa, autodiscover, mail as names. If you want to choose your own SAN, it will cost $857.
Equifax is now Geotrust which then was bought by VeriSign which also owns Thawte.
I’d wish GoDaddy would get their CA certificate installed on more devices. They charge only $216 for a 3-year with up to 5 domains and $540 for a wildcard certificate.
What are your thoughts and experiences on SSL certificates on Exchange?