Solved

Certificate for OWA

Posted on 2007-04-04
6
871 Views
Last Modified: 2013-12-19
I am administering a site having the following services: OWA, OMA, and push mail using MS Exchange Server 2003 SP2 and Windows Server 2003 SP1.
Everything is ok but we are using a self-signed certificate.
I want to buy a certificate to use it instead of the self signed one.
Would you give me recommendations and guidance:
from where to buy? what type of certificates to use?
I browsed Verisign and Thawte and got confused.
0
Comment
Question by:Ehab Salem
6 Comments
 
LVL 15

Expert Comment

by:czcdct
ID: 18850426
You might think you're doing this for Exchange but you're only really doign this for IIS. So, http://www.thawte.com/process/retail/new_ssl?language=en&productInfo.productType=ssl2 which is the plain SSL cert for web servers will be ok. You will, from that site, get a long list of instructions and wizards so you can generate the footprint and paste it into the request or email them the file.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 18850439
If you are seriously considering purchasing a Verisign certificate, then you must have more money than sense. For OWA you don't need to purchase one of their certificates as they are only 40 bit for the cheapest certificates and you don't need the protection.

Take a look at either http://www.domainsforexchange.net/  (GoDaddy certificates) which are $US20 a year, or http://www.rapidssl.com/ (Geotrust) which are a little more expensive at US$70 a year. RapidSSL also offer 30 day trial certificates which will allow you to test the process and get comfortable with them.
The GoDaddy certificates are trusted by most Windows Mobile 5.0 devices, making deployment of push much easier.

Simon.
0
 
LVL 14

Author Comment

by:Ehab Salem
ID: 18850507
dO YOU know if the go Daddy is compatible with the Nokia E series?
We have Windows mobile devices, Nokia E, and SE M mobiles.
The SE only allowed the installation of the root certificate of the server. Windows Mobile could not access at all, Nokia is always giving the certificate warning and I did not manage to iinstall the cert on it.
So, is godaddy the solution for all these 3?
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 
LVL 104

Expert Comment

by:Sembee
ID: 18850786
I haven't seen a Nokia E series, so cannot answer on the question of certificates with that. There may be a way to install certificates in to the device similar to how Windows Mobile works.

I found this article on DataViz web site which mentions root certificates: http://support.dataviz.com/support.srch?docid=13796&pid=165.
Using that article as a guide you may find a way to get a root certificate from either GoDaddy or RapidSSL on to the device.

Most solutions would involve the installation of the root certificate on to the device. The RapidSSL root certificate can be downloaded and then put in a format that can be easily installed in to a Windows Mobile device.

Simon.
0
 
LVL 4

Expert Comment

by:nstand
ID: 18852958
You want to make sure that you purchase an SSLcertificate whose root certificates are included as part of the base IE/Firefox installation. While Verisign might be more expensive, your users wont get  warning message saying the signing authority is unknown.

No matter who you buy off make sure you buy a 128-bit SSL cert and enforce this through IIS.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18853026
If you set the require SSL options in IIS then you will break some of the Windows mobile features. The best way to ensure that users use SSL is not to allow port 80 traffic in. If they can only use 443 and https URLs then everything is fine.

Both of the certificate providers I have mentioned above have root certificates in the major browsers, but if you want to throw money away on 128 bit verisign certificates thats fine. For my clients telling them that need to spend US$500 on a certificate for email isn't really going to be acceptable.

Simon.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question