Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Adding a webmail link to a corporate site

Posted on 2004-09-23
Last Modified: 2006-11-17
using Server 2003 and Exchange.  Please advise on the security issues that would arise from installing a link (however small) on a 'business' website (not heavily traveled by any means) to allow employees Outlook Web Access?  Do larger business still practice this?  Is their a 'better' way; maybe having http://webmail.business.com point to the Exchange Outlook Web Access page?   what is safe and secure?
Question by:72chevy4x4
  • 2
  • 2
LVL 104

Accepted Solution

Sembee earned 250 total points
ID: 12132810
I wouldn't advertise the link anywhere - I would expect employees to remember it. However I don't see any reason why you cannot use OWA.
The only thing I would say is to an SSL certificate from somewhere like freessl.com and force the users to use HTTPS.


Author Comment

ID: 12133621
What about letting SBS2003 create its own certificate?  I've tried the website in question and it automatically requires https (will not accept the http request).  
LVL 104

Expert Comment

ID: 12135539
The only problem with using the built in certificate is that it isn't trusted. It will generate errors each time it is used, unless the certificate is installed. It probably isn't a good idea to install the certificates everywhere as this will leave information about your configuration everywhere. Furthermore that certificate has probably been issued in the name of server.domain.com and you might want it to be webmail.domain.com

With FreeSSL doing certificates for some ridiculous sum like US$20/year I just think it looks more professional to have a real certificate that doesn't generate errors and allows the users to verify that it is legimate.


Author Comment

ID: 12532689
regarding the certificates: that is one error I've run across, when the remote office logs on using https:server.business.com, an error stating the certificate holder's name is server.business.local pops up.  guess the original cert was incorrectly named.  The public has no knowledge of or use for the cert (no e-business or the likes going on), so I may not pursue the FreeSSL option, but thank you for the information.

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
how to add IIS SMTP to handle application/Scanner relays into office 365.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question