Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Certificate for OWA

Posted on 2007-04-04
6
Medium Priority
?
898 Views
Last Modified: 2013-12-19
I am administering a site having the following services: OWA, OMA, and push mail using MS Exchange Server 2003 SP2 and Windows Server 2003 SP1.
Everything is ok but we are using a self-signed certificate.
I want to buy a certificate to use it instead of the self signed one.
Would you give me recommendations and guidance:
from where to buy? what type of certificates to use?
I browsed Verisign and Thawte and got confused.
0
Comment
Question by:Ehab Salem
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 15

Expert Comment

by:czcdct
ID: 18850426
You might think you're doing this for Exchange but you're only really doign this for IIS. So, http://www.thawte.com/process/retail/new_ssl?language=en&productInfo.productType=ssl2 which is the plain SSL cert for web servers will be ok. You will, from that site, get a long list of instructions and wizards so you can generate the footprint and paste it into the request or email them the file.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 18850439
If you are seriously considering purchasing a Verisign certificate, then you must have more money than sense. For OWA you don't need to purchase one of their certificates as they are only 40 bit for the cheapest certificates and you don't need the protection.

Take a look at either http://www.domainsforexchange.net/  (GoDaddy certificates) which are $US20 a year, or http://www.rapidssl.com/ (Geotrust) which are a little more expensive at US$70 a year. RapidSSL also offer 30 day trial certificates which will allow you to test the process and get comfortable with them.
The GoDaddy certificates are trusted by most Windows Mobile 5.0 devices, making deployment of push much easier.

Simon.
0
 
LVL 14

Author Comment

by:Ehab Salem
ID: 18850507
dO YOU know if the go Daddy is compatible with the Nokia E series?
We have Windows mobile devices, Nokia E, and SE M mobiles.
The SE only allowed the installation of the root certificate of the server. Windows Mobile could not access at all, Nokia is always giving the certificate warning and I did not manage to iinstall the cert on it.
So, is godaddy the solution for all these 3?
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 104

Expert Comment

by:Sembee
ID: 18850786
I haven't seen a Nokia E series, so cannot answer on the question of certificates with that. There may be a way to install certificates in to the device similar to how Windows Mobile works.

I found this article on DataViz web site which mentions root certificates: http://support.dataviz.com/support.srch?docid=13796&pid=165.
Using that article as a guide you may find a way to get a root certificate from either GoDaddy or RapidSSL on to the device.

Most solutions would involve the installation of the root certificate on to the device. The RapidSSL root certificate can be downloaded and then put in a format that can be easily installed in to a Windows Mobile device.

Simon.
0
 
LVL 4

Expert Comment

by:nstand
ID: 18852958
You want to make sure that you purchase an SSLcertificate whose root certificates are included as part of the base IE/Firefox installation. While Verisign might be more expensive, your users wont get  warning message saying the signing authority is unknown.

No matter who you buy off make sure you buy a 128-bit SSL cert and enforce this through IIS.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18853026
If you set the require SSL options in IIS then you will break some of the Windows mobile features. The best way to ensure that users use SSL is not to allow port 80 traffic in. If they can only use 443 and https URLs then everything is fine.

Both of the certificate providers I have mentioned above have root certificates in the major browsers, but if you want to throw money away on 128 bit verisign certificates thats fine. For my clients telling them that need to spend US$500 on a certificate for email isn't really going to be acceptable.

Simon.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question