[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

For the best security on an Exchange 2007 deployment, I really don't want to open up port 80 on the firewall. I will be using SSL certificates for OWA 2007 from Verisign.

Posted on 2008-10-10
2
Medium Priority
?
207 Views
Last Modified: 2012-05-05
I am deploying client access servers in exchange 2007. I plan to use SSL cerificates from Verisign with OWA. However, many outside users with legacy web browsers might not be able to connect with https   Are there any functions in OWA 2007 which require http?  I really don't want to expose the internal lan to port 80 if not necessary. An ISA reverse proxy setup will be deployed later, but now we need the client access server behind the inside firewall (not in the dmz) and OWA up and running. I can see the help deskphones ringing off the hook from the external users who can't connect via http if their browsers are not patched.  With only SSL port 443 open with a signed certificate from verisign,, there is a higher security configuration on the OWA deployment.

What is your suggestion?
0
Comment
Question by:bignewf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 500 total points
ID: 22688945
I think you are worrying too much.
SSL has been supported since before IE3.  Pretty much every browser in use today uses 128 bit SSL, if you are really worried about it then just don't force 128 bit SSL so that those that do support it will use 128 bit and those that are ancient and haven't been patched in 7 years can dumb down to an older version of SSL.
Verisign has been around long enough where they should have their root pretty much whereever you go since they date back to the mid-90s.  You're not going to do much better than that and if you are worried about that, there are few alternatives.
Realistically, even the guy running win98 has patched sometime over the last 7 years or so to access their banking site or whatever.  If they are too freaked out to access your SSL page, then they will be entirely too paranoid to supply anything that would require SSL (password, bank info, whatever) and live in a cave.  You will likely cause more of an issue by not having SSL enabled for sensitive pages than worrying about the theoretical user that won't be able to use SSL.
0
 
LVL 15

Accepted Solution

by:
bignewf earned 0 total points
ID: 22688984
Thanks for your answer. That covered everything.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question