What is UCC Certificate? And Why You Need a UCC for Microsoft Exchange

A unified communications certificate (UCC), sometimes called a Microsoft Exchange SSL certificate, is a variant of SSL certificate designed specifically for Microsoft Exchange and Office Communications servers. But, why, you may be — but almost definitely aren’t — asking, why do Microsoft Exchange and Office Communications servers get their OWN SSL certificate?

Well, sit back and let me tell ye a tale of woe. ‘Twas back in the oughts that SSL still be — I’m sorry, can I stop talking like this?

Here’s what you need to know about a UCC certificate and why it is useful to your organization.

What is UCC Certificate?

A UCC (Unified Communications Certificate) is a certificate capable of securing multiple domains and featured subdomains under a single certificate. A UCC is also known as SAN (Subject Alternative Name) as a user can add multiple names as the subject of the certificate.

Why Use a Unified Communications Certificate?

SSL was originally created in one iteration — as single site organization validated certificates that secured IP addresses. And at the point the concept of SSL/TLS was first being conceived, that was fine. Shared hosting was less common. The consensus was that only businesses needed SSL. And validating organizations seemed like a reasonable safeguard against mis-use.

‘Twas a simpler time… ugh, there I go again with pirate voice. Anyway, this model was eventually revised as the Server Name Indication (SNI) extension for TLS made it possible to secure individual domains on a shared IP address rather than having to encrypt the entire address with an organization validation (OV) certificate. That’s what opened the door to domain validation (DV) and extended validation (EV).

But Microsoft Exchange and Office Communications servers were hosting multiple domains on the same IP address before it was cool. They’re like the hipsters of the server world. The problem was, that at that point, you couldn’t secure the individual websites hosted on those servers. You could only secure the IP address. And before SNI, that arrangement meant the server couldn’t return the right site because all sites had to share the same IP address, and users would receive a mismatch error if they tried to reach a site that wasn’t explicitly listed in the certificate.

The Birth of the UCC Certificate

So, as a work-around, the UCC was created. UCCs are the pre-cursor to the modern multi domain certificate. When a UCC is installed on a Microsoft Exchange or Office Communications server, it includes the name of every website being hosted on that IP address in the Subject Alternative Name (SAN) fields. That way if a user wants to reach a specific site hosted on that IP address, the certificate their device is presented with will include the desired domain name and no mismatch error will occur.

Nowadays, multi domain SSL certificates have gone well beyond that. Whereas UCCs require all the websites to be hosted on the same IP address. Nowadays you can get multi domain SSL certificates that can secure like 2,000 different domains on a bunch of different IP addresses. You can even use a modern multi domain SSL certificate ON a Microsoft Exchange or Office Communications server!

But, to be clear, the UCC was designed specifically for use with those servers, and it’s still recommended to choose a UCC if that’s what you’re running.

Top UCC Certificates of 2021