Solved

Certificate for OWA

Posted on 2007-04-04
6
875 Views
Last Modified: 2013-12-19
I am administering a site having the following services: OWA, OMA, and push mail using MS Exchange Server 2003 SP2 and Windows Server 2003 SP1.
Everything is ok but we are using a self-signed certificate.
I want to buy a certificate to use it instead of the self signed one.
Would you give me recommendations and guidance:
from where to buy? what type of certificates to use?
I browsed Verisign and Thawte and got confused.
0
Comment
Question by:Ehab Salem
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 15

Expert Comment

by:czcdct
ID: 18850426
You might think you're doing this for Exchange but you're only really doign this for IIS. So, http://www.thawte.com/process/retail/new_ssl?language=en&productInfo.productType=ssl2 which is the plain SSL cert for web servers will be ok. You will, from that site, get a long list of instructions and wizards so you can generate the footprint and paste it into the request or email them the file.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 18850439
If you are seriously considering purchasing a Verisign certificate, then you must have more money than sense. For OWA you don't need to purchase one of their certificates as they are only 40 bit for the cheapest certificates and you don't need the protection.

Take a look at either http://www.domainsforexchange.net/  (GoDaddy certificates) which are $US20 a year, or http://www.rapidssl.com/ (Geotrust) which are a little more expensive at US$70 a year. RapidSSL also offer 30 day trial certificates which will allow you to test the process and get comfortable with them.
The GoDaddy certificates are trusted by most Windows Mobile 5.0 devices, making deployment of push much easier.

Simon.
0
 
LVL 14

Author Comment

by:Ehab Salem
ID: 18850507
dO YOU know if the go Daddy is compatible with the Nokia E series?
We have Windows mobile devices, Nokia E, and SE M mobiles.
The SE only allowed the installation of the root certificate of the server. Windows Mobile could not access at all, Nokia is always giving the certificate warning and I did not manage to iinstall the cert on it.
So, is godaddy the solution for all these 3?
0
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

 
LVL 104

Expert Comment

by:Sembee
ID: 18850786
I haven't seen a Nokia E series, so cannot answer on the question of certificates with that. There may be a way to install certificates in to the device similar to how Windows Mobile works.

I found this article on DataViz web site which mentions root certificates: http://support.dataviz.com/support.srch?docid=13796&pid=165.
Using that article as a guide you may find a way to get a root certificate from either GoDaddy or RapidSSL on to the device.

Most solutions would involve the installation of the root certificate on to the device. The RapidSSL root certificate can be downloaded and then put in a format that can be easily installed in to a Windows Mobile device.

Simon.
0
 
LVL 4

Expert Comment

by:nstand
ID: 18852958
You want to make sure that you purchase an SSLcertificate whose root certificates are included as part of the base IE/Firefox installation. While Verisign might be more expensive, your users wont get  warning message saying the signing authority is unknown.

No matter who you buy off make sure you buy a 128-bit SSL cert and enforce this through IIS.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18853026
If you set the require SSL options in IIS then you will break some of the Windows mobile features. The best way to ensure that users use SSL is not to allow port 80 traffic in. If they can only use 443 and https URLs then everything is fine.

Both of the certificate providers I have mentioned above have root certificates in the major browsers, but if you want to throw money away on 128 bit verisign certificates thats fine. For my clients telling them that need to spend US$500 on a certificate for email isn't really going to be acceptable.

Simon.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
exchange, OWA, scripts 5 42
Save Exchange PowerShell Command 12 34
Help to debug powershell script 5 40
RPC Proxy can't be pinged 4 27
Read this checklist to learn more about the 15 things you should never include in an email signature.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question