Solved

OWA SSL Security

Posted on 2006-11-21
4
293 Views
Last Modified: 2013-12-04
Hi,

I was researching the setup of OWA with a self created SSL certificate. Before i did anything i forwarded the appropriate ports and attempted to access OWA. It seems to have its own default certificate installed. I was happily able to access my email through https.

The question i have is:

1. Is this default SSL certificate secure.

2. What are the advantages of setting up my own SSL Certificate authority.  As in is there a difference from the defaul certificate ( Im only interested in using it with OWA)

0
Comment
Question by:Danbrasco
  • 2
4 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 230 total points
ID: 17986199
SSL and certificates are not set up by default? someone has either set them up - or your running small business server (that does have certificates installed by default)

>>1. Is this default SSL certificate secure.

As secure as any other SSL certificate - essentially all a certificate does is stop data being sent in "cleartext" SSL certificates are as secure from your OWN CA as they are if you got them from verisign or another online CA.

The Real question should be .......................

Are my certificates as TRUSTWORTHY - well if only you and your staff are going to use it then yes  - if you want to offer your OWA to all and sundry out on the internet than they might trust an Ensign or Verisign certificate MORE than yours.

>>2. What are the advantages of setting up my own SSL Certificate authority.

It takes about 5 mins, when your cert expires you can issue a new one straight away - you can use your own CA for doing other things (like securing internal IP traffic digitally signing emails etc etc)
0
 
LVL 13

Assisted Solution

by:hstiles
hstiles earned 20 total points
ID: 18008486
1 other point to make about self-generated certififcates is that by default your clients won't immediately accept them, unless you set up your own internal certififcate authority for use by internal machines.  Every time someone browses to your OWA website, they'll get an SSL warning informing that the certificate is not from a trusted authority.

You can get certificates from an intermediate authority for not a lot of money nowadays.  E.g. www.instantssl.com  These work without problems almost all of the time.
0
 

Author Comment

by:Danbrasco
ID: 18018685
Thank you for your tips.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 18018822
ThanQ
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question