I recently configured TLS on three MailSweeper servers in our DMZ. These act as a smart host for our Exchange 2010 hub servers. Although my question appears to be about MailSweeper, it’s actually about TLS in general and certificates in relation to email and forced TLS.
For argument's sake, if I need to configure multiple Edge servers (keeping it purely Exchange) for forced TLS using a third-party certificate, I can see a number of options. 1 – request a wildcard certificate. 2 – request a SAN certificate. 3 – create a generic certificate such as mail.domain.com. 4 – create a unique cert for each server.
Does anyone know of any pros/cons of either method? I have read it may not be best practice to use wildcard or SAN certs.