Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Certificates and RWW:  Real world ramifications of using SBS-generated or trusted authority

Posted on 2006-11-28
3
326 Views
Last Modified: 2010-04-19
After having run SBS 2000 server for several years and basically having remote access limited to OWA I'm about to swap a new SBS 2003 (R1) server in its place.  Knowing that RWW offers increased remote access features I'm looking to get some clarification on what I really need in terms of what seems to be an essential component of this feature: the certificate.  

When I ran the SBS setup I chose to have the server generate/sign the certificate.  A week or two ago I came across a how-to PDF for installing an inexpensive ($19.95/yr) GoDaddy.com trusted certificate in place of the SBS self-signed one.  I believe this may have been posted on ISAServer.org and consequently made reference to ISA as part of the configuration in which it would be used.  Meanwhile, I recently had an email with an SBS consultant who saw no need to use anything other than the self-signed cert.  What had me wondering if that opinion really addressed the big picture was that the PDF seemed to indicate situations/locations where the self-signed cert might not cut it or where self-signed SSL certificates weren't allowed.  Also noted was compatibility with Windows Mobile 5 devices.

We're a small company (11 people) but I do know that once the 3 partners who own the operation gain access to a new convenience like RWW they will take to it
and want unimpeded access while travelling.  They are 'gadget-aware' and may appreciate upgrading to mobile devices designed to integrate with the new configuration via a trusted cert.  Time will answer that one.  But just in terms of travelling and having unimpeded access to RWW should I be concerned that the self-signed cert may not work in some hotels, Internet Cafes, etc., or is it generally adequate in the vast majority of situations?  What are the experiences of folks who have been configuring RWW for, and using it in, the real world?

Thanks to all for your thoughts on this.
0
Comment
Question by:pierc2
  • 2
3 Comments
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 125 total points
ID: 18033424
The only real advantage with a 3rd party certificate is that you don't get the warning when connecting asking you if this is a trusted connection.  FYI, the GoDaddy certificates are not automatically trusted either... since Starfieldtech (the certificate issuer) is not generally listed in the root security servers.

So, the answer is that self signed is generally adequate.  It works just fine with all mobile devices, and if they have laptops, then there is no issue at all because those would always be part of the domain anyhow.  

I've accessed my RWW from all around the world with really no problems at all.

About the only place where a third party certificate is easier is using RPC over HTTPS configuration in Outlook 2003, because most folks don't read the instructions which state that you must install the self-signed certificate (by clicking on View Certificate when the warning pops up).

Jeff
TechSoEasy

0
 

Author Comment

by:pierc2
ID: 18037095
That's everything I needed to know.  Thanks, Jeff.

Brian
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18037802
You're welcome!

Jeff
TechSoEasy
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2007 on SBS 2008 5 70
Group Policies not being applied 12 74
SBS 2008 RDP Gateway works on from Windows 10 5 39
Changing a SBS 2011 Server to TLS 6 31
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question