From the mailbox tonight comes the question —

SBS 2011 Standard SSL recommendations:  Which UC / SAN SSL certificate would you recommend. I would prefer not to use intermediate certificates if possible. Are intermediate certificate chains cheaper?

First off I’ll set the foundation that with SBS 2011 Standard you really don’t need to buy a UC/SAN cert.  A single domain SSL cert will do everything you need.  The trick is that you have to have control of the DNS settings up at the web site hoster – and they must be able to enter in a SRV record in order to use the single cert (aka the cheap one).  The gang at www.thirdtier.net have the full details as to the magic that makes this work:

http://www.thirdtier.net/2009/02/setting-up-an-external-autodiscover-record-for-sbs-2008/

The same exact rules apply for SBS 2011. 

When you use the domain name wizard on SBS 2008 and SBS 2011 the domain wizard does this all for you.  If you are like most of us and migrating from SBS 2003 or rolling into an existing domain you’ll be having to do this yourself.

I personally have had no issues dealing with Godaddy certs that have the intermediary cert.  I just remember to disable the Godaddy cert they tell me to and insert the intermediary where they tell me.

If you want a bit more the recommendation would be to go with someone like www.certificatesforexchange.com   for a UCC/SAN cert with 5 names which is about $60.

Other options include www.Register.com – $27. Use their discount coupons… Down to like $15 a year and www.Trustico.com – $19 for RapidSSL. Reseller program has cheaper pricing.

 

Comments are closed.