WilsonJohn
asked on
outlook any where
Please let me know how can we setup to work outlook any where with exchange 2010.
Can it be done with out buying any third party certificates
Can we create certificate from exchange and use.
Please explain full steps involved in this..
Can it be done with out buying any third party certificates
Can we create certificate from exchange and use.
Please explain full steps involved in this..
Yes, it can be done without buying a 3rd party certificate.
http://exchangepedia.com/2007/08/outlook-anywhere-and-exchanges-self-signed-certificate.html
You can install one of (also free) certificate authority servers and then use it to issue certificate for exchange server. The only drawback is that you need to install CA and exchange certificate on all computers you will use to access outlook anywhere.
A couple of years ago I have used http://simpleauthority.com for one exchange installation. Limited, but very easy to use.
http://exchangepedia.com/2007/08/outlook-anywhere-and-exchanges-self-signed-certificate.html
You can install one of (also free) certificate authority servers and then use it to issue certificate for exchange server. The only drawback is that you need to install CA and exchange certificate on all computers you will use to access outlook anywhere.
A couple of years ago I have used http://simpleauthority.com for one exchange installation. Limited, but very easy to use.
ASKER
Also let me know if we buy a third party one, which is best one and let me know the steps please.
Is hard to say which one is the best. A lot of EE users recommends godady certificates because they are not so expensive and are trusted on lots of devices.
Here is step-by-step procedure:
http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010
I use for exchange server only private CAs, because there are just a few people who are not part of the domain and need access to exchange servers. If there were a big number of such users I would buy a certificate from 3rd party CA.
Here is step-by-step procedure:
http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010
I use for exchange server only private CAs, because there are just a few people who are not part of the domain and need access to exchange servers. If there were a big number of such users I would buy a certificate from 3rd party CA.
ASKER
Our case also- all will be our domain members. Without third party certificates can we implement this
What problem may face if we proceed without third party.
Also let me know how to create our own certificate for this use from exchange server.
What problem may face if we proceed without third party.
Also let me know how to create our own certificate for this use from exchange server.
The problems with certificates are trust and distribution.
Here is simplified description.
You want to connect to one server with name mail.domain.com. One server answers your request and wants from you your user name and password. But you don't trust it and you want a proof, that it is really the correct server. The server shows you a certificate, where it is written its name. But you say - anyone can install a CA and create a certificate. Who created yours? The servers answers - mine was cerated by xy CA. Now you look at trusted root CA store on your computer if the certificate of xy CA is listed. If everything is OK, you can trust the servers certificate.
On windows OSes the list is maintained by Ms.
http://social.technet.microsoft.com/wiki/contents/articles/14215.windows-and-windows-phone-8-ssl-root-certificate-program-member-cas.aspx
If the CA is not on the list, then you need to decide if you trust the CA or not. If yes, then you need to manually install the CA certificate under trusted root CA store.
In this case you own the CA and you know what safety precautions you will take, that non authorized persons will have no access to CA, so you should trust this CA.
In domain environment it is normally enough if you install the certificate on domain controller and then it is distributed to the domain members PCs.
The procedure of certificate request is described in previous link.
The creation of certificate practically consists of importing the certificate request and sign it.
http://simpleauthority.com/help/generatingCerts.html
Install standalone Ms CA:
http://technet.microsoft.com/en-us/library/cc731183(v=ws.10).aspx
http://tech.petercrys.com/2011/10/how-to-sign-certificate-using-microsoft.html
But keep in mind, that after the certificate expires, you will need to create a new one.
If you have kept CA safe and operative, then you need just to cerate a new certificate.
If not, then you will net to install new CA (or create new CA root certificate) and deploy it again on all your computers.
Here is simplified description.
You want to connect to one server with name mail.domain.com. One server answers your request and wants from you your user name and password. But you don't trust it and you want a proof, that it is really the correct server. The server shows you a certificate, where it is written its name. But you say - anyone can install a CA and create a certificate. Who created yours? The servers answers - mine was cerated by xy CA. Now you look at trusted root CA store on your computer if the certificate of xy CA is listed. If everything is OK, you can trust the servers certificate.
On windows OSes the list is maintained by Ms.
http://social.technet.microsoft.com/wiki/contents/articles/14215.windows-and-windows-phone-8-ssl-root-certificate-program-member-cas.aspx
If the CA is not on the list, then you need to decide if you trust the CA or not. If yes, then you need to manually install the CA certificate under trusted root CA store.
In this case you own the CA and you know what safety precautions you will take, that non authorized persons will have no access to CA, so you should trust this CA.
In domain environment it is normally enough if you install the certificate on domain controller and then it is distributed to the domain members PCs.
The procedure of certificate request is described in previous link.
The creation of certificate practically consists of importing the certificate request and sign it.
http://simpleauthority.com/help/generatingCerts.html
Install standalone Ms CA:
http://technet.microsoft.com/en-us/library/cc731183(v=ws.10).aspx
http://tech.petercrys.com/2011/10/how-to-sign-certificate-using-microsoft.html
But keep in mind, that after the certificate expires, you will need to create a new one.
If you have kept CA safe and operative, then you need just to cerate a new certificate.
If not, then you will net to install new CA (or create new CA root certificate) and deploy it again on all your computers.
ASKER
Any Trial certificate will get from any third party like for 30 days.
So that we can check and buy.
So that we can check and buy.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Part1-
http://www.youtube.com/watch?v=eOJe5LmUIdo
Part 2-
http://www.youtube.com/watch?v=i5FoLv5c0AA