Solved

Certificate for OWA

Posted on 2007-04-04
6
850 Views
Last Modified: 2013-12-19
I am administering a site having the following services: OWA, OMA, and push mail using MS Exchange Server 2003 SP2 and Windows Server 2003 SP1.
Everything is ok but we are using a self-signed certificate.
I want to buy a certificate to use it instead of the self signed one.
Would you give me recommendations and guidance:
from where to buy? what type of certificates to use?
I browsed Verisign and Thawte and got confused.
0
Comment
Question by:Ehab Salem
6 Comments
 
LVL 15

Expert Comment

by:czcdct
Comment Utility
You might think you're doing this for Exchange but you're only really doign this for IIS. So, http://www.thawte.com/process/retail/new_ssl?language=en&productInfo.productType=ssl2 which is the plain SSL cert for web servers will be ok. You will, from that site, get a long list of instructions and wizards so you can generate the footprint and paste it into the request or email them the file.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
Comment Utility
If you are seriously considering purchasing a Verisign certificate, then you must have more money than sense. For OWA you don't need to purchase one of their certificates as they are only 40 bit for the cheapest certificates and you don't need the protection.

Take a look at either http://www.domainsforexchange.net/  (GoDaddy certificates) which are $US20 a year, or http://www.rapidssl.com/ (Geotrust) which are a little more expensive at US$70 a year. RapidSSL also offer 30 day trial certificates which will allow you to test the process and get comfortable with them.
The GoDaddy certificates are trusted by most Windows Mobile 5.0 devices, making deployment of push much easier.

Simon.
0
 
LVL 14

Author Comment

by:Ehab Salem
Comment Utility
dO YOU know if the go Daddy is compatible with the Nokia E series?
We have Windows mobile devices, Nokia E, and SE M mobiles.
The SE only allowed the installation of the root certificate of the server. Windows Mobile could not access at all, Nokia is always giving the certificate warning and I did not manage to iinstall the cert on it.
So, is godaddy the solution for all these 3?
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 104

Expert Comment

by:Sembee
Comment Utility
I haven't seen a Nokia E series, so cannot answer on the question of certificates with that. There may be a way to install certificates in to the device similar to how Windows Mobile works.

I found this article on DataViz web site which mentions root certificates: http://support.dataviz.com/support.srch?docid=13796&pid=165.
Using that article as a guide you may find a way to get a root certificate from either GoDaddy or RapidSSL on to the device.

Most solutions would involve the installation of the root certificate on to the device. The RapidSSL root certificate can be downloaded and then put in a format that can be easily installed in to a Windows Mobile device.

Simon.
0
 
LVL 4

Expert Comment

by:nstand
Comment Utility
You want to make sure that you purchase an SSLcertificate whose root certificates are included as part of the base IE/Firefox installation. While Verisign might be more expensive, your users wont get  warning message saying the signing authority is unknown.

No matter who you buy off make sure you buy a 128-bit SSL cert and enforce this through IIS.
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
If you set the require SSL options in IIS then you will break some of the Windows mobile features. The best way to ensure that users use SSL is not to allow port 80 traffic in. If they can only use 443 and https URLs then everything is fine.

Both of the certificate providers I have mentioned above have root certificates in the major browsers, but if you want to throw money away on 128 bit verisign certificates thats fine. For my clients telling them that need to spend US$500 on a certificate for email isn't really going to be acceptable.

Simon.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now