Solved

Certificate Server and OWA

Posted on 2007-04-09
5
326 Views
Last Modified: 2012-05-05
I am planning to demote one of my Windows 2003 DC to a member server and install a new DC. The DC that I will demote presently has Exchange 2003. I will like to install certificate server on Exchange for secure OWA access. Should I demote the DC with Exchange before or after installing certificate server? Or does it matter?

0
Comment
Question by:rbrindisi
  • 2
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
czcdct earned 125 total points
ID: 18877894
You cannot demote a Domain Controller that also has Exchange on it. You must construct a new server, move Exchange to it and then uninstall Exchange from the DC. Once Exchange is off the DC it is your decision on what you then do with it.

When you install Certificate Services you can no longer promote or demote or change the domain status or membership of a server without first remving Certificate Services.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18878053
What are you going to use Certificate services for?
Are you planning to issue every user with their own certificate for OWA access?
If not, then you should look at purchasing an SSL certificate rather than issuing your own. Self issued certificates will always generate an SSL certificate prompt when users connect, which doesn't look very good and could expose you to attack.

Simon.
0
 

Author Comment

by:rbrindisi
ID: 18881620
czcdct

Thank for the info. I was unaware that Exchange had to be removed first.

Simon

Where can these certificates be purchase and at what cost?
 
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 125 total points
ID: 18881642
There are lots of certificate vendors available. You can pay anything from US$20 up to US$600 or more.

For OWA protection I tend to suggest one of two.
GoDaddy or one of their resellers such as http://www.certificatesforexchange.com which cost US$20 a year. Advantages of these certificates is that they are trusted by most Windows Mobile 5.0 devices.

RapidSSL http://www.rapidssl.com (Geotrust) or one of their resellers, which cost $60 or less if you look around. RapidSSL have a 30 day trial certificate which is trusted by Windows so you can get a certificate to test the process and see how things work.

I use both - I have some sites on RapidSSL and some on GoDaddy, depends on the cost and the client.

Simon.
0
 

Author Comment

by:rbrindisi
ID: 18881672
Thank for all your help guys
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question