Friday, January 26, 2007

Public Certificates supporting SAN's for LCS and Exchange 2007 - update #2

I promised earlier in Using LCS 2005 with multiple domains that I would get back to you with a list of Commercial Certification Authorities that supports Subject Alternate/Alternative Names (a.k.a SAN or SubjectAltNames). These types of certificates are required for making autoconfiguration of Office Communicator work in Enterprise deployments of LCS (Using DNS and SRV records). For more info on autoconfiguration look at Shawn Mahans webcast and the article mentioned in the start. SAN's are also required for supporting Autodiscovery in Exchange 2007 (e.g. one certificate serving both and Find a bit more information on this subject on the Exchange Ninjas Wiki.

These are my findings -

Verisign - VeriSign has a MPKI (Managed PKI) SSL offering, that includes the ability to issue certificates with multiple domain names. Its part of their Enterprise offering though, so you will need to contact their sales for help on getting an enterprise account before being able to order it.

GlobalSign - When I checked last week "... yet to be launched; expected timescale is 4-6 weeks." when I checked in September 2006 it was "... in the pipeline for the coming months".

Entrust - Has a "Entrust Unified Communications Certificates (UCC)" for Exchange Server 2007 and Live Communications Server that can be ordered directly from their website (Source).

Geotrust - Has a "Power Server ID" supporting up to four server names (That is three in SAN's, which in LCS means three in total). Find it here.

If you know other than the above please let me know and I will update the post.


Bo Eschricht said...

Thanks, Dennis, great information!

In my notes i have two additional vendors, that provide wildcards certificates, which could also be used for the task.


Dennis Lundtoft Thomsen said...

Hi Bo,

Thanks for the linkage. The problem is that Wildcard certificates are not supported in LCS 2005 (Might be working in some scenarios though - but not for e.g. Mutual TLS). I have tried to find written documentation from MS on this, but its not to be found (By google anyway).

Dennis Lundtoft Thomsen said...

Just found doc - find the presentation "How to plan for and deploy certificates in LCS 2005 Sp1" by Shawn mahan here -
Page 17 states "Live Communications Server does not support wildcard certificates".

Paul Tiemann said...

Here at DigiCert we also offer the new Unified Communications Certificates for MS Exchange and Live Communications servers. You can find all the details at:

Our pricing is great, our UC order process and PKI management tools are geared specifically for UC certificates (you can add/remove names to your certificate and re-issue it after you've purchased it), and our support specialists are top notch.

Paul Tiemann
Director of CA Operations
DigiCert, Inc.

Johan Dreyer said...

GoDaddy also have an offering on SSL certificates supporting upto 6 Domains, pricing is also very competitive.

Bo Eschricht said...

MS recently released support article KB929395 (;EN-US;929395) listing CAs that provide SAN certificates for Exchange 2007 and thus for OCS as well.

Jamie said...

My site is considering colaborating our various domains under one SSL certificate using a Unified Communications Certificate or (UCC SSL) with SSL247. However could someone enlighten me on the Wildcard alternative and what would be best for my business needs?

Wildcard SSL Certificates said...

We have also Varisign SAN Certificate a cheap ssl certificate and definitely it's such wonderful certificate We are Premium Partner of Verising Authority. And we chanllange that we are cheapest in ssl world

Cheap SSL Certificate said...

nice information its usefulness and significance is overwhelming the way you covered all the basic necessary information is really impressive good work
SL certificates can provide you with non-forgeable proof of your website's identity, and customer confidence in the integrity and security of your online business.