The Exchange Team Blog has released a new post regading Certificates and how they should be configured for Exchange 2013.
Now that we understand the load balancing and namespace planning principles and how clients connect in an Exchange 2013 environment that has Exchange 2007 and/or Exchange 2010 deployed, the proper certificates can be constructed and deployed as part of the upgrade process.
Of course it goes without saying that there are a few rules you should follow in crafting your certificates:
Wildcard certificates are an option as well. A wildcard certificate for *.contoso.com results in a certificate that will work for mail.contoso.com, legacy.contoso.com, and autodiscover.contoso.com namespaces.
You can, and I recommend that you do, check the full post here :
Certificate Planning in Exchange 2013 - Exchange Team Blog - Site Home - TechNet Blogshttp://blogs.technet.com/b/exchange/archive/2014/03/19/certificate-planning-in-exchange-2013.aspx