jasonmichel
asked on
SSL in IIS7
finally got my exchange 2k7 migrated from 2k3 and on a 2k8 box. IIS7 is a whole diff animal for me..i need to create a certificate for my OWA site. I have heard about self signed SSL's but not sure how they work. I usually just purchase one from verisign and import it and done with it. Trying to do this very inexpensively. Second part is, last 2k7 install i did, i wasn't able to purchase a multiple domain SSL, so it screwed up my autodiscover. I ended up creating a second website for autodiscover and creating a dns record for it. Has anyone put a CA ssl or a self signed ssl on owa running on IIS7 and what is best practice...thanks
ASKER
i need a UCC SSL for outlook anywhere or mobile devices don't i?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Self-signed certs would be deployed similarily to a root CA certificate - i.e. you would need to import each one into the trusted root certificate store of each box that will be connecting to your exchange enivornment. If you don't use owa then it should be easy enough to push those through GPO to your workstations. If you do have users that don't use company assests to connect to exchange (e.g. you connect from your home computer to check your email) then you would need to pass out instructions and deal with all the support calls that will arise from that (there will likely be calls, even though it is a simple process... they call... they always call...).
Using a UCC cert from a commercial CA, be it Verisign, Comodo, or whomever is probably still going to be the best bet. GoDaddy is cheap, but sometimes there are issues as their root that they issue under is fairly new. If you use mobile devices as a corporate resource, check out their existing root cert store and base your decision from there to reduce the headache of updating all your phones.