Certificates and RWW: Real world ramifications of using SBS-generated or trusted authority
Posted on 2006-11-28
After having run SBS 2000 server for several years and basically having remote access limited to OWA I'm about to swap a new SBS 2003 (R1) server in its place. Knowing that RWW offers increased remote access features I'm looking to get some clarification on what I really need in terms of what seems to be an essential component of this feature: the certificate.
When I ran the SBS setup I chose to have the server generate/sign the certificate. A week or two ago I came across a how-to PDF for installing an inexpensive ($19.95/yr) GoDaddy.com trusted certificate in place of the SBS self-signed one. I believe this may have been posted on ISAServer.org and consequently made reference to ISA as part of the configuration in which it would be used. Meanwhile, I recently had an email with an SBS consultant who saw no need to use anything other than the self-signed cert. What had me wondering if that opinion really addressed the big picture was that the PDF seemed to indicate situations/locations where the self-signed cert might not cut it or where self-signed SSL certificates weren't allowed. Also noted was compatibility with Windows Mobile 5 devices.
We're a small company (11 people) but I do know that once the 3 partners who own the operation gain access to a new convenience like RWW they will take to it
and want unimpeded access while travelling. They are 'gadget-aware' and may appreciate upgrading to mobile devices designed to integrate with the new configuration via a trusted cert. Time will answer that one. But just in terms of travelling and having unimpeded access to RWW should I be concerned that the self-signed cert may not work in some hotels, Internet Cafes, etc., or is it generally adequate in the vast majority of situations? What are the experiences of folks who have been configuring RWW for, and using it in, the real world?
Thanks to all for your thoughts on this.