security certificate license for website and mobile

Hi,

I am looking for a good security certificate license for our company's website and email. I have a couple of questions:
1. Do I have to buy an SSL certificate for the Exchange server so that people can use a cell phone to access email?
2. Which company is the best one for a security certificate license?
3. What's the average price for that?
4. After I install that, will my webmail (OWA) not show a "certificate error" message and need to click continue to show our webmail?

Thanks
Simon Chen, Network Administrator, Asked:

Rick Fee, Messaging Engineer - Disaster Recovery Engineer, Commented:
It's not necessary to purchase a cert but highly recommended. You can get GoDaddy for $89 UCC: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8979

From there you have to change the vdirs so you don't get the cert error message in Outlook if you have not added the local AD name on the cert.

Fix Outlook 2007 cert error:  http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/
0
Simon Chen, Network Administrator, Author Commented:
If it is not necessary to purchase a cert for a cell phone, then how can I set it?
Thanks
0
Rick Fee, Messaging Engineer - Disaster Recovery Engineer, Commented:
Your self-signed cert has to have the same namespace as the DNS... so owa.domain.com. You can go to the website and export the cert... so you click on the cert and click Copy to File and then import the cert on the phone. This works for Windows Mobile phones... you don't have to do this for Palm Pre or iPhones... they should work.
0
Bruno PACI, IT Consultant, Commented:
Hi,

The only advantage of buying a certificate from a public certification authority (like Thawte, VeriSign, ...) is that the certificates they sell to you come from certification authorities already known by your computers, smartphones, etc...
That means that computers and smartphones already have the root certificates of the well-known public certification authorities and you don't have to install them on this equipment...
That avoids the security alert saying the SSL certificate of the web site comes from an unknown authority...
That should answer your question number 4.

About your question number 1, in fact you need a public certificate on the server that publishes your internal Exchange OWA/ActiveSync server. I mean that if you have some reverse proxy in front of Exchange to secure incoming connections from the Internet, then the certificate must be present on the reverse proxy.
About the dialog between the reverse proxy and the Exchange Server, you have many choices. You can decide not to use SSL (I don't recommend that because in this case someone who connects to your internal network could sniff passwords), you can decide to use SSL encryption with a private certificate generated by a private certification authority in your enterprise, or you can decide to use SSL encryption using the same public certificate installed on the Exchange server.
In the last case you have to know that, usually, you should pay for a certificate license for each server the certificate is installed on.

About question 2. Very simple... The best company is the one that delivers the cheapest certificates, and that is a well-known certification authority (I mean it must be already known by your computers or smartphones, else you'll have to install the root certificate on all your equipment)...

About question 3... Well... A certificate for SSL encryption for a Web server, OWA server or ActiveSync server should cost around 100 euros (120 dollars) a year.
What you have to know is that certification authorities will try to sell you the most expensive certificate with a lot of roles, but for OWA/ActiveSync you only need the basic Web server certificate for server authentication.

Another thing: a certificate is generated for a server name. That means that if the URL to access your OWA server from the Internet is something like https://myowa.mycompany.com/owa the certificate must be generated for the name "myowa.mycompany.com". Else you'll have a security alert saying that the certificate used by the server has been generated for another server...
You can buy certificates with alternative names. These certificates have several names, and you won't have security alerts as long as your URL matches at least one name of the certificate. As an example, if you want users to be able to reach your web site using the DNS name or using the IP address without any security alert, you'll then need a certificate for "myowa.mycompany.com" with the IP address as an alternative name.
Of course, you'll probably have to pay more if you want a certificate with alternative names...
Finally, you can also buy a wildcard certificate generated for a wildcard name (like "*.mycompany.com"). That sort of certificate will permit you to publish many web servers using a unique entry point and then buy only one wildcard certificate. But OF COURSE, these certificates will cost much more.

Have a good day.
0
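
Added example (not part of the thread or any poster's code): a sketch of the name-matching rules discussed above, showing which client-facing names would still raise a certificate alert for a single-name, a multi-name (SAN/UCC) and a wildcard certificate. It follows the usual RFC 6125-style client behaviour; "autodiscover.mycompany.com", "exch01.corp.local" and 203.0.113.10 are constructed sample values.

```python
import ipaddress

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_matches(pattern, host):
    """Compare one DNS name from the certificate with the name the client typed."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # "*" stands for exactly one label
    if p[0] == "*":
        # Simplification: accept "*" only as the whole left-most label,
        # with at least two fixed labels after it (rejects "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(host, dns_names, ip_addresses=()):
    """True if a client connecting to `host` finds a matching name in the certificate."""
    if is_ip(host):
        # An IP address is compared with IP entries only, never with DNS names.
        want = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == want for ip in ip_addresses)
    return any(name_matches(n, host) for n in dns_names)

def uncovered(hosts, dns_names, ip_addresses=()):
    """Names clients use that the certificate does not cover (each one means an alert)."""
    return [h for h in hosts if not cert_covers(h, dns_names, ip_addresses)]

# Constructed sample: names that OWA/ActiveSync/Outlook clients might connect to.
CLIENT_NAMES = ["myowa.mycompany.com", "autodiscover.mycompany.com",
                "exch01.corp.local", "203.0.113.10"]

if __name__ == "__main__":
    for label, dns, ips in [
        ("single-name", ["myowa.mycompany.com"], []),
        ("SAN/UCC", ["myowa.mycompany.com", "autodiscover.mycompany.com"],
         ["203.0.113.10"]),
        ("wildcard", ["*.mycompany.com"], []),
    ]:
        print(label, "-> alerts for:", uncovered(CLIENT_NAMES, dns, ips) or "none")
```

Running the same check against the names read from an installed certificate shows, before users do, which URLs or internal server names will still produce the warning.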
