*.WildCard or Single Domain Certificate should be used for Exchange and other applications

Sathishkumar Singh 486 Reputation points
2023-04-24T14:15:20.9633333+00:00

Hello Team,

We are using a *.wildcard (*.tls.com) certificate for Exchange Server: webmail.tls.com. Subdomains:

  1. Fileshare.tls.com
  2. chart.tls.com
  3. icon.tls.com

We got issues: in the penetration test report, the experts recommended using a single domain.

Now we would like to know what the best practice is for Exchange Servers:
*.Wildcard or a single domain for each application?

Kindly advise


2 answers

  1. Yuki Sun-MSFT 41,156 Reputation points Microsoft Vendor
    2023-04-25T01:44:36.59+00:00

    Hi @Sathishkumar Singh

    now we would like to know what is the best practice to use for Exchange Servers *.Wildcard or Single domain of each applications?

    From the perspective of Exchange servers, the best practice is to use as few certificates as possible, which usually means using SAN certificates or wildcard certificates.


    For more information, hopefully you can find the article below helpful:
    Digital certificates and encryption in Exchange Server




  2. Limitless Technology 44,431 Reputation points
    2023-04-25T14:40:02.9733333+00:00

    Hi, I'd be happy to help you out with your question. Sorry for the inconvenience caused.

    I would recommend using a single domain certificate instead of a wildcard certificate for Exchange Server and other applications, especially if you are using them for external-facing services.

    Wildcard certificates can make it easier to manage certificates for multiple subdomains, but they can also pose security risks. Since wildcard certificates can be used for any subdomain under the domain covered by the wildcard, if one of your subdomains is compromised, an attacker could potentially use the wildcard certificate to impersonate other subdomains as well.

    Using a single domain certificate for each application provides more granular control and security, as each certificate can be issued specifically for the domain it is intended for. This can help to prevent unauthorized access and reduce the risk of certificate misuse.

    If you have any other questions or need assistance with anything, please don't hesitate to let me know. I'm here to help.

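The trade-off the two answers describe, as an added example that is not part of either answer: it models which names a single stolen private key can present a valid certificate for under a wildcard, a shared SAN, and a per-host layout. The host names come from the question; `vpn.tls.com`, the layout dictionaries and the function names are assumptions, as is the premise that the wildcard and shared SAN certificates are installed with the same key on every host.

```python
"""Added example (not from the thread): which names each certificate layout
lets one stolen private key impersonate. Inventory below is constructed."""

HOSTS = ["webmail.tls.com", "fileshare.tls.com", "chart.tls.com", "icon.tls.com"]
FUTURE = ["vpn.tls.com"]   # hypothetical name that does not exist yet

def san_matches(pattern, host):
    """RFC 6125-style match: '*' only as the entire leftmost label, one label deep."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # '*.tls.com' covers neither 'tls.com' nor 'a.b.tls.com'
    if p[0] == "*":
        # Simplification: require at least two labels after '*', so '*.com' never matches.
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

# Each layout maps host -> list of certificates installed there (cert = tuple of SAN entries).
WILDCARD = {h: [("*.tls.com",)] for h in HOSTS}
SAN = {h: [tuple(HOSTS)] for h in HOSTS}
SINGLE = {h: [(h,)] for h in HOSTS}

def exposure(layout, compromised_host, names=HOSTS + FUTURE):
    """Names for which the key(s) on compromised_host have a matching certificate."""
    return {n for cert in layout[compromised_host] for n in names
            if any(san_matches(san, n) for san in cert)}

if __name__ == "__main__":
    for label, layout in (("wildcard", WILDCARD), ("shared SAN", SAN), ("single", SINGLE)):
        print(f"{label:10} -> {sorted(exposure(layout, 'chart.tls.com'))}")
```

A shared SAN certificate bounds the exposure to the names it lists, while the wildcard also covers sibling names created later; only the per-host layout confines a key compromise to the host it happened on.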