Certificate for OWA

Posted on 2007-04-04
Medium Priority
Last Modified: 2013-12-19
I am administering a site having the following services: OWA, OMA, and push mail using MS Exchange Server 2003 SP2 and Windows Server 2003 SP1.
Everything is ok but we are using a self-signed certificate.
I want to buy a certificate to use instead of the self-signed one.
Would you give me recommendations and guidance:
From where to buy? What type of certificates to use?
I browsed Verisign and Thawte and got confused.
Question by: Ehab Salem
LVL 15

Expert Comment

ID: 18850426
You might think you're doing this for Exchange but you're only really doing this for IIS. So, http://www.thawte.com/process/retail/new_ssl?language=en&productInfo.productType=ssl2 which is the plain SSL cert for web servers will be ok. You will, from that site, get a long list of instructions and wizards so you can generate the footprint and paste it into the request or email them the file.
LVL 104

Accepted Solution

Sembee earned 2000 total points
ID: 18850439
If you are seriously considering purchasing a Verisign certificate, then you must have more money than sense. For OWA you don't need to purchase one of their certificates as they are only 40 bit for the cheapest certificates and you don't need the protection.

Take a look at either http://www.domainsforexchange.net/ (GoDaddy certificates) which are US$20 a year, or http://www.rapidssl.com/ (Geotrust) which are a little more expensive at US$70 a year. RapidSSL also offer 30 day trial certificates which will allow you to test the process and get comfortable with them.
The GoDaddy certificates are trusted by most Windows Mobile 5.0 devices, making deployment of push much easier.

LVL 14

Author Comment

by: Ehab Salem
ID: 18850507
Do you know if GoDaddy is compatible with the Nokia E series?
We have Windows Mobile devices, Nokia E, and SE M mobiles.
The SE only allowed the installation of the root certificate of the server. Windows Mobile could not access at all, Nokia is always giving the certificate warning and I did not manage to install the cert on it.
So, is GoDaddy the solution for all these 3?
LVL 104

Expert Comment

ID: 18850786
I haven't seen a Nokia E series, so cannot answer on the question of certificates with that. There may be a way to install certificates in to the device similar to how Windows Mobile works.

I found this article on DataViz web site which mentions root certificates: http://support.dataviz.com/support.srch?docid=13796&pid=165.
Using that article as a guide you may find a way to get a root certificate from either GoDaddy or RapidSSL on to the device.

Most solutions would involve the installation of the root certificate on to the device. The RapidSSL root certificate can be downloaded and then put in a format that can be easily installed in to a Windows Mobile device.


Expert Comment

ID: 18852958
You want to make sure that you purchase an SSL certificate whose root certificates are included as part of the base IE/Firefox installation. While Verisign might be more expensive, your users won't get a warning message saying the signing authority is unknown.

No matter who you buy off, make sure you buy a 128-bit SSL cert and enforce this through IIS.
LVL 104

Expert Comment

ID: 18853026
If you set the require SSL options in IIS then you will break some of the Windows Mobile features. The best way to ensure that users use SSL is not to allow port 80 traffic in. If they can only use 443 and https URLs then everything is fine.

Both of the certificate providers I have mentioned above have root certificates in the major browsers, but if you want to throw money away on 128 bit Verisign certificates that's fine. For my clients, telling them that they need to spend US$500 on a certificate for email isn't really going to be acceptable.
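
Added example, not part of any post in this thread: the comments above turn on whether the root that issued the server certificate is present in each client's trust store. The script below reproduces that check offline with the OpenSSL command-line tool, modelling a device's trust store as a PEM bundle; the names `PurchasedRoot`, `OtherRoot`, `deviceA`, `deviceB` and `mail.example.test` are constructed for the demonstration and all keys are generated locally.

```shell
#!/usr/bin/env bash
# Added example: every key, CA name and host name here is constructed locally.
WORK=$(mktemp -d)

# new_root NAME: create a self-signed root CA (stand-in for a commercial CA root).
new_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_server ROOT: server certificate for mail.example.test signed by ROOT.
issue_server() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/server.csr" -days 30 \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/server.pem" 2>/dev/null
}

# device_trusts STORE CERT: succeeds only if CERT chains to a root in STORE.
# -no-CApath keeps the system CA directory out of the decision.
device_trusts() {
  openssl verify -no-CApath -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# build_demo: two roots, one server certificate, two modelled device stores.
build_demo() {
  new_root PurchasedRoot && new_root OtherRoot &&
    issue_server PurchasedRoot || return 1
  # deviceA ships with OtherRoot only; deviceB also has PurchasedRoot installed.
  cp "$WORK/OtherRoot.pem" "$WORK/deviceA.pem"
  cat "$WORK/OtherRoot.pem" "$WORK/PurchasedRoot.pem" > "$WORK/deviceB.pem"
}

build_demo || { echo "openssl failed" >&2; exit 1; }
for dev in deviceA deviceB; do
  if device_trusts "$WORK/$dev.pem" "$WORK/server.pem"; then
    echo "$dev: chain trusted, no warning"
  else
    echo "$dev: issuer not in trust store, certificate warning"
  fi
done
```

The same `openssl verify` call can be pointed at a root bundle exported from a real device to confirm, before purchase, that a candidate CA's root is already present on it.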

