
*.WildCard or Single Domain Certificate should be used for Exchange and other applications

Sathishkumar Singh 496 Reputation points
2023-04-24T14:15:20.9633333+00:00

Hello Team. We are using a wildcard *.tls.com certificate for Exchange Server: webmail.tls.com. Subdomains:

  1. Fileshare.tls.com
  2. chart.tls.com
  3. icon.tls.com

We got issues such as a penetration test report in which the experts recommend using a single domain certificate.

Now we would like to know what the best practice is for Exchange Servers: a wildcard certificate or a single domain certificate for each application?

Kindly advise


2 answers

  1. Limitless Technology 45,201 Reputation points
    2023-04-25T14:40:02.9733333+00:00

    Hi, I'd be happy to help you out with your question. Sorry for the inconvenience caused. I would recommend using a single domain certificate instead of a wildcard certificate for Exchange Server and other applications, especially if you are using them for external-facing services. Wildcard certificates can make it easier to manage certificates for multiple subdomains, but they can also pose security risks. Since wildcard certificates can be used for any subdomain under the domain covered by the wildcard, if one of your subdomains is compromised, an attacker could potentially use the wildcard certificate to impersonate other subdomains as well. Using a single domain certificate for each application provides more granular control and security, as each certificate can be issued specifically for the domain it is intended for. This can help to prevent unauthorized access and reduce the risk of certificate misuse. If you have any other questions or need assistance with anything, please don't hesitate to let me know. I'm here to help.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.


  2. Yuki Sun-MSFT 41,466 Reputation points Moderator
    2023-04-25T01:44:36.59+00:00

    Hi @Sathishkumar Singh

    "now we would like to know what is the best practice to use for Exchange Servers *.Wildcard or Single domain of each applications?"

    From the perspective of Exchange servers, the best practice is to use as few certificates as possible, which usually means using SAN certificates or wildcard certificates.


    For more information, hopefully you can find the article below helpful:
    Digital certificates and encryption in Exchange Server


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
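
Added example, not part of either answer above and not Microsoft's code: a small model of the trade-off both answers describe, showing which other hostnames a server's certificate key could vouch for if that server were compromised. The hostnames are the ones in the question; the three deployment layouts and `autodiscover.tls.com` are assumptions made for illustration.

```python
# Added illustration: which hostnames can each host's TLS private key vouch for?
# Hostnames come from the question; the three deployment layouts are assumptions.

def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is allowed only as the whole leftmost label
    and stands for exactly one label, so *.tls.com does not cover a.b.tls.com
    or the bare tls.com."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and bool(h[0]) and p[1:] == h[1:]
    return p == h

def exposure(deployment: dict[str, list[str]]) -> dict[str, list[str]]:
    """deployment maps each host to the SAN list of the certificate whose
    private key is stored on it. Returns, per host, the OTHER hostnames in the
    inventory that this key could also authenticate as if it were stolen."""
    hosts = list(deployment)
    return {
        holder: sorted(
            other for other in hosts
            if other.lower() != holder.lower()
            and any(san_matches(s, other) for s in sans)
        )
        for holder, sans in deployment.items()
    }

HOSTS = ["webmail.tls.com", "Fileshare.tls.com", "chart.tls.com", "icon.tls.com"]

# Layout A: one wildcard certificate and key copied to every server.
WILDCARD_EVERYWHERE = {h: ["*.tls.com"] for h in HOSTS}
# Layout B: a SAN certificate on Exchange only, single-name certificates elsewhere
# (autodiscover.tls.com is a hypothetical extra Exchange name).
SAN_FOR_EXCHANGE = {h: [h] for h in HOSTS}
SAN_FOR_EXCHANGE["webmail.tls.com"] = ["webmail.tls.com", "autodiscover.tls.com"]
# Layout C: wildcard kept on Exchange, single-name certificates elsewhere.
WILDCARD_ON_EXCHANGE_ONLY = {h: [h] for h in HOSTS}
WILDCARD_ON_EXCHANGE_ONLY["webmail.tls.com"] = ["*.tls.com"]

if __name__ == "__main__":
    for name, layout in [("A", WILDCARD_EVERYWHERE), ("B", SAN_FOR_EXCHANGE),
                         ("C", WILDCARD_ON_EXCHANGE_ONLY)]:
        print(name, exposure(layout))
```

In layout A every server's key covers all the others, in layout B none does, and in layout C only the Exchange server's key does, so the exposure depends on where the wildcard key is stored as much as on the certificate type.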

