peter_ophoven

Hosting our own Certificate of Authority or Changing our Domain Name?

We have been using a .local domain name for years and we like it.  But, Symantec / Verisign will no longer host our Certificate with a .local domain name.  Namely, for using Microsoft Exchange, we have always used Symantec / Verisign.

The choice that is given to us is to host our own CA.  Or change our domain name from .local to .com, if we want Verisign to host our Certificate.

From my research, the process of hosting our own CA isn't terribly difficult, but my question comes to how to get certificates to all of the 300 smart phones, iPads, tablets and external (to our firewall) laptops and desktops.  With Verisign, it is automatic, all of those devices automatically work.

That would be the way we would want it to be, but from my research it looks like that isn't possible?  Or is it?

The other option, as stated, would be to change our domain name - which looks, at best, ugly and fraught with many conflicts that may not be worth the investment of time - or at least the time to possibly get certs to all mobile devices manually, or through web enrollment.

Does anyone have any suggestions, or has anyone encountered a similar issue?

Thanks for your help.

Environment: Windows 2012 Server R2, Exchange 2007, droid and iOS devices.
ASKER CERTIFIED SOLUTION
Amit
This solution is only available to members.
Sudhir Bidye

You can download and send the certificate to each user. Ask them to open OWA on their phones, download the internal CA certificate from OWA to the phones and install it.
peter_ophoven

ASKER

We have TMG running on the edge pushing - Outlook Anywhere, OWA, ActiveSync and IMAP and POP services enabled.  All running SSL.

Will the DigiCert process from above work even though we are using the TMG as a front edge security firewall?
Thanks for your input so far, a couple of really great leads to work through.
Thank you community.  We survived and learned along the way.  That is the best solution!