Exchange 2007, Multiple SAN Certificates & Issuing Public CA's (Where to buy)
So after completing the migration, we still had some small issues to iron out. One of those was Upgrading the Private CA certificates I had installed on the Exchange Servers to Public CA Certificates.
Now not too long ago, when you needed a Multiple SAN certificate that was publicly trusted you only had a small handful of CA's you could go to and whats more they actually appeared quite expensive. Times have changed slightly with most public CA's now offering some flavor of Multiple SAN Cert & at prices ranging from $50 - $1000+ per year.
This is GREAT, you now have choice & the possibility of suiting your budget right? Well thats up to you to decide, here I just want to give a simple comparison between these certificates & let you choose what you want out of your public certificate.
First of all, let us have a look at some of the places you can buy these certificates & what they cost / offer:
Verisign Managed PKI SSL Certificates
Not much information on the Multiple SAN Certs from Verisign, I found a document saying they can support up to 20 SANs per certificate, however policies & costs are not readily available on the site- or I just couldn't find em.
The most trusted & widely supported CA on the web
Entrust Unified Communication SSL Certificates
Cost: US$ 599 - 849 / year
SANs Supported: 10 or more (extra charges apply)
Guarantee: Unlimited re-issue guarantee within certificate lifetime
Lifetime: 1 / 2 year options
Trusted by more than 99 percent of all browsers & Mobile Technologies
GeoTrust PowerServer ID Certificates
Cost: US$ 599 per year
SANs Supported: unto 4
Guarantee: Unlimited re-issue guarantee within certificate lifetime
Lifetime: 1 / 2 year options
Automatic renewal reminders
Trusted by more than 99 percent of all browsers & Mobile Technologies
Go daddy 6-in-1 Certificate
Cost: US$ 70 - 250 per year
SANs Supported: 6
Guarantee: Up to 2 Re-Keys within the first 30 days after issue
Lifetime: Up to 10 years, with Savings
Limited Support from Browsers & Mobile Technologies
Now there are a few more providers out there who offer these certificates & it is up to you to choose the one that suits you best.
I personally like the offering from Entrust, it gives you a nice flexibility in the number of SANs supported, the Certificate Lifetime Re-Issue Guarantee & the support from browsers & mobile devices out there.
The Go Daddy certs are also a good option on the low budget end, however I found them to give a certificate error with some browsers, operating systems & mobile devices- but then this is a compromise some organizations are willing to make.
In either case, if you use the standard validation or Turbo SSL solutions your certificates are usually issued within 5 working days @ most making the turn around time pretty efficient too.
I have spoken with the local Comtrust CA here in Dubai & unfortunately as yet they have not been very forthcoming with current or future plans to support Multiple SANs.
Now not too long ago, when you needed a Multiple SAN certificate that was publicly trusted you only had a small handful of CA's you could go to and whats more they actually appeared quite expensive. Times have changed slightly with most public CA's now offering some flavor of Multiple SAN Cert & at prices ranging from $50 - $1000+ per year.
This is GREAT, you now have choice & the possibility of suiting your budget right? Well thats up to you to decide, here I just want to give a simple comparison between these certificates & let you choose what you want out of your public certificate.
First of all, let us have a look at some of the places you can buy these certificates & what they cost / offer:
Verisign Managed PKI SSL Certificates
Not much information on the Multiple SAN Certs from Verisign, I found a document saying they can support up to 20 SANs per certificate, however policies & costs are not readily available on the site- or I just couldn't find em.
The most trusted & widely supported CA on the web
Entrust Unified Communication SSL Certificates
Cost: US$ 599 - 849 / year
SANs Supported: 10 or more (extra charges apply)
Guarantee: Unlimited re-issue guarantee within certificate lifetime
Lifetime: 1 / 2 year options
Trusted by more than 99 percent of all browsers & Mobile Technologies
GeoTrust PowerServer ID Certificates
Cost: US$ 599 per year
SANs Supported: unto 4
Guarantee: Unlimited re-issue guarantee within certificate lifetime
Lifetime: 1 / 2 year options
Automatic renewal reminders
Trusted by more than 99 percent of all browsers & Mobile Technologies
Go daddy 6-in-1 Certificate
Cost: US$ 70 - 250 per year
SANs Supported: 6
Guarantee: Up to 2 Re-Keys within the first 30 days after issue
Lifetime: Up to 10 years, with Savings
Limited Support from Browsers & Mobile Technologies
Now there are a few more providers out there who offer these certificates & it is up to you to choose the one that suits you best.
I personally like the offering from Entrust, it gives you a nice flexibility in the number of SANs supported, the Certificate Lifetime Re-Issue Guarantee & the support from browsers & mobile devices out there.
The Go Daddy certs are also a good option on the low budget end, however I found them to give a certificate error with some browsers, operating systems & mobile devices- but then this is a compromise some organizations are willing to make.
In either case, if you use the standard validation or Turbo SSL solutions your certificates are usually issued within 5 working days @ most making the turn around time pretty efficient too.
I have spoken with the local Comtrust CA here in Dubai & unfortunately as yet they have not been very forthcoming with current or future plans to support Multiple SANs.
Comments