Solved

OWA SSL Security

Posted on 2006-11-21
4
294 Views
Last Modified: 2013-12-04
Hi,

I was researching the setup of OWA with a self created SSL certificate. Before i did anything i forwarded the appropriate ports and attempted to access OWA. It seems to have its own default certificate installed. I was happily able to access my email through https.

The question i have is:

1. Is this default SSL certificate secure.

2. What are the advantages of setting up my own SSL Certificate authority.  As in is there a difference from the defaul certificate ( Im only interested in using it with OWA)

0
Comment
Question by:Danbrasco
  • 2
4 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 230 total points
ID: 17986199
SSL and certificates are not set up by default? someone has either set them up - or your running small business server (that does have certificates installed by default)

>>1. Is this default SSL certificate secure.

As secure as any other SSL certificate - essentially all a certificate does is stop data being sent in "cleartext" SSL certificates are as secure from your OWN CA as they are if you got them from verisign or another online CA.

The Real question should be .......................

Are my certificates as TRUSTWORTHY - well if only you and your staff are going to use it then yes  - if you want to offer your OWA to all and sundry out on the internet than they might trust an Ensign or Verisign certificate MORE than yours.

>>2. What are the advantages of setting up my own SSL Certificate authority.

It takes about 5 mins, when your cert expires you can issue a new one straight away - you can use your own CA for doing other things (like securing internal IP traffic digitally signing emails etc etc)
0
 
LVL 13

Assisted Solution

by:hstiles
hstiles earned 20 total points
ID: 18008486
1 other point to make about self-generated certififcates is that by default your clients won't immediately accept them, unless you set up your own internal certififcate authority for use by internal machines.  Every time someone browses to your OWA website, they'll get an SSL warning informing that the certificate is not from a trusted authority.

You can get certificates from an intermediate authority for not a lot of money nowadays.  E.g. www.instantssl.com  These work without problems almost all of the time.
0
 

Author Comment

by:Danbrasco
ID: 18018685
Thank you for your tips.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 18018822
ThanQ
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question