Solved

Certificate Server and OWA

Posted on 2007-04-09
5
327 Views
Last Modified: 2012-05-05
I am planning to demote one of my Windows 2003 DC to a member server and install a new DC. The DC that I will demote presently has Exchange 2003. I will like to install certificate server on Exchange for secure OWA access. Should I demote the DC with Exchange before or after installing certificate server? Or does it matter?

0
Comment
Question by:rbrindisi
  • 2
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
czcdct earned 125 total points
ID: 18877894
You cannot demote a Domain Controller that also has Exchange on it. You must construct a new server, move Exchange to it and then uninstall Exchange from the DC. Once Exchange is off the DC it is your decision on what you then do with it.

When you install Certificate Services you can no longer promote or demote or change the domain status or membership of a server without first remving Certificate Services.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18878053
What are you going to use Certificate services for?
Are you planning to issue every user with their own certificate for OWA access?
If not, then you should look at purchasing an SSL certificate rather than issuing your own. Self issued certificates will always generate an SSL certificate prompt when users connect, which doesn't look very good and could expose you to attack.

Simon.
0
 

Author Comment

by:rbrindisi
ID: 18881620
czcdct

Thank for the info. I was unaware that Exchange had to be removed first.

Simon

Where can these certificates be purchase and at what cost?
 
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 125 total points
ID: 18881642
There are lots of certificate vendors available. You can pay anything from US$20 up to US$600 or more.

For OWA protection I tend to suggest one of two.
GoDaddy or one of their resellers such as http://www.certificatesforexchange.com which cost US$20 a year. Advantages of these certificates is that they are trusted by most Windows Mobile 5.0 devices.

RapidSSL http://www.rapidssl.com (Geotrust) or one of their resellers, which cost $60 or less if you look around. RapidSSL have a 30 day trial certificate which is trusted by Windows so you can get a certificate to test the process and see how things work.

I use both - I have some sites on RapidSSL and some on GoDaddy, depends on the cost and the client.

Simon.
0
 

Author Comment

by:rbrindisi
ID: 18881672
Thank for all your help guys
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question