A certificate issued from a private certificate authority may be valid for several years as well.
A certificate that has been acquired from a commercial certificate authority such as DigiCert will usually be valid for one year.
Because the SSL certificate can include as many names as you need (up to about 50 before it may begin to cause performance issues), and with the way SAN/UC certificates are priced, it is often less costly to use a single SAN certificate for multiple Exchange Server 2013 servers than to acquire a unique certificate for each server.
Also consider that the trust issues when using a private CA to issue the SSL certificates for Exchange 2013 generally only apply to the internet-facing servers that will be accepting connections from non-domain members such as mobile devices.
For a client to trust the SSL certificate that a server is using, the certificate must be issued by a certificate authority that the client already trusts.
If you're using a private certificate authority to issue SSL certificates to your Exchange 2013 servers, and that CA is an enterprise CA in your AD forest, then that CA will already be trusted by clients that are members of domains in that AD forest.
The final requirement is that the server or domain name that the client is connecting to must match one of the names on the SSL certificate.
Note: this trust issue only applies to the certificates installed on a dedicated Client Access server.
A SAN certificate is an SSL certificate that has multiple server or domain names on the one certificate.
This means that you can use a single certificate to secure one or more Exchange 2013 servers, and it can include all of the server names and other external URLs you plan to use for your Exchange environment, instead of having to provision a single-named SSL certificate for each of the different names.
Depending on the role and configuration of the server it may need several names to be included on the SSL certificate.
The minimum recommended names are the Client Access namespace (when a single, unified namespace is used) and the Autodiscover namespace.
Every SSL certificate will have an expiry date, and this will vary depending on how the certificate has been provisioned.
The default, self-signed certificate that Exchange 2013 creates during setup is valid for 5 years.
Exchange Server 2013 provides secure client-server and server-server network communications by using SSL certificates to secure protocols such as HTTP, SMTP, POP and IMAP.
Because of the “secure by default” requirements, when an Exchange 2013 server is installed it is configured with self-signed SSL certificates that are enabled for those protocols.
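The name-matching requirement and the expiry date discussed above can both be checked against a planned SAN list before a certificate is deployed. The following PowerShell is an added example, not code from the original article; the function names `Test-NameCoveredBySan` and `Test-CertificatePlan`, the host names and the dates are hypothetical, constructed values.

```powershell
# Added example. Function names are hypothetical; all names and dates are constructed.
function Test-NameCoveredBySan {
    param(
        [Parameter(Mandatory)] [string]   $HostName,
        [Parameter(Mandatory)] [string[]] $SanNames
    )
    $target = $HostName.ToLowerInvariant().TrimEnd('.')
    foreach ($san in $SanNames) {
        $entry = $san.ToLowerInvariant().TrimEnd('.')
        if ($entry -eq $target) { return $true }
        # A wildcard covers exactly one left-most label: *.example.com matches
        # mail.example.com but not example.com or a.mail.example.com.
        if ($entry.StartsWith('*.')) {
            $suffix = $entry.Substring(1)   # ".example.com"
            if ($target.EndsWith($suffix)) {
                $label = $target.Substring(0, $target.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Test-CertificatePlan {
    param(
        [Parameter(Mandatory)] [string[]] $SanNames,       # names on the certificate
        [Parameter(Mandatory)] [datetime] $NotAfter,       # certificate expiry date
        [Parameter(Mandatory)] [string[]] $RequiredNames,  # names clients connect to
        [datetime] $Now = (Get-Date),
        [int] $WarnDays = 30
    )
    # Every name a client uses must match a SAN entry, or the client rejects the certificate.
    $missing  = @($RequiredNames | Where-Object { -not (Test-NameCoveredBySan -HostName $_ -SanNames $SanNames) })
    $daysLeft = [int][math]::Floor(($NotAfter - $Now).TotalDays)
    [pscustomobject]@{
        MissingNames = $missing
        DaysLeft     = $daysLeft
        Expired      = $daysLeft -lt 0
        RenewSoon    = $daysLeft -ge 0 -and $daysLeft -le $WarnDays
        Ok           = ($missing.Count -eq 0) -and ($daysLeft -gt $WarnDays)
    }
}

# Constructed sample: the Autodiscover namespace is absent from the SAN list.
Test-CertificatePlan `
    -SanNames      @('mail.example.com', '*.branch.example.com') `
    -NotAfter      ([datetime]'2025-03-01') `
    -RequiredNames @('mail.example.com', 'autodiscover.example.com') `
    -Now           ([datetime]'2025-02-10') | Format-List
```

On an Exchange server, the SAN list and expiry date for an installed certificate can be read from the `CertificateDomains` and `NotAfter` properties returned by `Get-ExchangeCertificate`.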