Certificate Server and OWA

I am planning to demote one of my Windows 2003 DC to a member server and install a new DC. The DC that I will demote presently has Exchange 2003. I will like to install certificate server on Exchange for secure OWA access. Should I demote the DC with Exchange before or after installing certificate server? Or does it matter?

rbrindisiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

czcdctCommented:
You cannot demote a Domain Controller that also has Exchange on it. You must construct a new server, move Exchange to it and then uninstall Exchange from the DC. Once Exchange is off the DC it is your decision on what you then do with it.

When you install Certificate Services you can no longer promote or demote or change the domain status or membership of a server without first remving Certificate Services.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SembeeCommented:
What are you going to use Certificate services for?
Are you planning to issue every user with their own certificate for OWA access?
If not, then you should look at purchasing an SSL certificate rather than issuing your own. Self issued certificates will always generate an SSL certificate prompt when users connect, which doesn't look very good and could expose you to attack.

Simon.
0
rbrindisiAuthor Commented:
czcdct

Thank for the info. I was unaware that Exchange had to be removed first.

Simon

Where can these certificates be purchase and at what cost?
 
0
SembeeCommented:
There are lots of certificate vendors available. You can pay anything from US$20 up to US$600 or more.

For OWA protection I tend to suggest one of two.
GoDaddy or one of their resellers such as http://www.certificatesforexchange.com which cost US$20 a year. Advantages of these certificates is that they are trusted by most Windows Mobile 5.0 devices.

RapidSSL http://www.rapidssl.com (Geotrust) or one of their resellers, which cost $60 or less if you look around. RapidSSL have a 30 day trial certificate which is trusted by Windows so you can get a certificate to test the process and see how things work.

I use both - I have some sites on RapidSSL and some on GoDaddy, depends on the cost and the client.

Simon.
0
rbrindisiAuthor Commented:
Thank for all your help guys
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.