Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Certificate Server and OWA

Posted on 2007-04-09
5
Medium Priority
?
333 Views
Last Modified: 2012-05-05
I am planning to demote one of my Windows 2003 DC to a member server and install a new DC. The DC that I will demote presently has Exchange 2003. I will like to install certificate server on Exchange for secure OWA access. Should I demote the DC with Exchange before or after installing certificate server? Or does it matter?

0
Comment
Question by:rbrindisi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
czcdct earned 500 total points
ID: 18877894
You cannot demote a Domain Controller that also has Exchange on it. You must construct a new server, move Exchange to it and then uninstall Exchange from the DC. Once Exchange is off the DC it is your decision on what you then do with it.

When you install Certificate Services you can no longer promote or demote or change the domain status or membership of a server without first remving Certificate Services.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18878053
What are you going to use Certificate services for?
Are you planning to issue every user with their own certificate for OWA access?
If not, then you should look at purchasing an SSL certificate rather than issuing your own. Self issued certificates will always generate an SSL certificate prompt when users connect, which doesn't look very good and could expose you to attack.

Simon.
0
 

Author Comment

by:rbrindisi
ID: 18881620
czcdct

Thank for the info. I was unaware that Exchange had to be removed first.

Simon

Where can these certificates be purchase and at what cost?
 
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 500 total points
ID: 18881642
There are lots of certificate vendors available. You can pay anything from US$20 up to US$600 or more.

For OWA protection I tend to suggest one of two.
GoDaddy or one of their resellers such as http://www.certificatesforexchange.com which cost US$20 a year. Advantages of these certificates is that they are trusted by most Windows Mobile 5.0 devices.

RapidSSL http://www.rapidssl.com (Geotrust) or one of their resellers, which cost $60 or less if you look around. RapidSSL have a 30 day trial certificate which is trusted by Windows so you can get a certificate to test the process and see how things work.

I use both - I have some sites on RapidSSL and some on GoDaddy, depends on the cost and the client.

Simon.
0
 

Author Comment

by:rbrindisi
ID: 18881672
Thank for all your help guys
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question