Re: OWA-SSL: Should I use 3rd party certificate or create own CA

From: Ben Winzenz [Exchange MVP] (ben_winzenz_at_NOSPAMdotmessageonedotcom)
Date: 12/02/04


Date: Thu, 2 Dec 2004 15:09:19 -0600

You can also get rid of that prompt by installing that self-created cert
into the Trusted Root Certification Authority in IE. It works great if the
clients are using the same computers most of the time, but is a pain if they
will constantly be using different computers.

BTW - last time I checked, Thawte only charges ~180/yr for an SSL cert.
That's pretty cheap.

-- 
Ben Winzenz
Exchange MVP
"pepe" <pepe@discussions.microsoft.com> wrote in message 
news:7C2D8B08-44B4-4F41-BCD3-C2C59814A100@microsoft.com...
> Even though it proves me wrong:(
>
> Thank you for your responses :)
>
> "Paul Stephenson" wrote:
>
>> I agree.  As long as you can train your users and tell them that the popup
>> dialog box is expected and what to do I would use my own, but if you have a
>> lot of people to train I would go third party just so you don't have to
>> worry about the training issue.  After all a cert is only a few hundred
>> dollars, training never ends as new people come and go.  The question to me
>> then becomes "how much do you value your time at?"
>>
>> Paul
>>
>>
>>
>> "TheSingingCat" <meowmeowmeow@meowmeowmeowmeow.com> wrote in message
>> news:41af7110$1@news.nucleus.com...
>> > I use certificate server for 2003 and have our OWA clients come in using SSL
>> > with no issues.  The only thing that will happen is the client's browser
>> > (afaik all ours are IE) displays a warning that the Certificate is not from a
>> > trusted Authority.  Press Yes to Continue.
>> >
>> > Then in they go to OWA and all is encrypted. I just made sure our users knew
>> > to expect this prior to accessing owa and have had no issues.  They are
>> > still able to view the certificate, it just says our company name on it etc.
>> > I think for corporate users this isn't a big issue, if you had the general
>> > public coming in to your site, then it would probably ease their minds if
>> > the certificate was from a trusted source such as VeriSign or Thwart (sp?)
>> > etc.
>> >
>> > tsc
>> >
>> >
>> > "pepe" <pepe@discussions.microsoft.com> wrote in message
>> > news:68BD4579-19C4-4058-AC42-DA39A0A88421@microsoft.com...
>> > > My partner and I are debating the use of a third party certificate (like
>> > > Verisign) or the creation of our own Certificate Authority. We want our users
>> > > to access OWA via ssl.
>> > >
>> > > I thought we should use third party certs because then we wouldn't have to
>> > > worry about browsers having or not having our public key. I thought we would
>> > > have to install that key on each machine that someone wanted to use to access
>> > > OWA.
>> > >
>> > > My partner thinks that we could create our own CA using Windows 2000 server
>> > > and create the certs. He believes that IE would already have the public key
>> > > for certs created by our MS CA.
>> > >
>> > > Could someone explain why I am right or he is right.
>> > >
>> > > Don't worry. No egos will get bruised here.
>> > >
>> > > Thanks,
>> > > Pepe
>> >
>> >
>>
>>
>> 
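
Added example, not part of the original thread: a PowerShell sketch of the "install it into Trusted Root" step from the reply above, which checks the certificate before trusting it. It assumes the file is the root certificate of your own CA; the file name, the expected thumbprint and the `-AllUsers` switch are placeholders chosen for illustration.

```powershell
# Added example: verify an internal root CA certificate, then trust it.
# $CertPath and $ExpectedThumbprint are placeholders, not values from the thread.
param(
    [string]$CertPath           = '.\internal-root-ca.cer',
    [string]$ExpectedThumbprint = '<THUMBPRINT-FROM-THE-CA-ADMIN>',
    [switch]$AllUsers   # use the LocalMachine store (needs elevation) instead of CurrentUser
)

$ErrorActionPreference = 'Stop'
$fullPath = (Resolve-Path -LiteralPath $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

# 1. The fingerprint must match the one obtained out of band from the CA
#    administrator. Thumbprint is the SHA-1 value the Windows certificate UI shows.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint). Not importing."
}

# 2. A root store entry should be a self-issued CA certificate that is currently valid.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw 'Not a CA certificate (Basic Constraints CA flag missing).'
}
if ($cert.Subject -ne $cert.Issuer) {
    throw 'Subject and Issuer differ: this is not the root certificate.'
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 3. Import, unless this exact certificate is already trusted.
$store = if ($AllUsers) { 'Cert:\LocalMachine\Root' } else { 'Cert:\CurrentUser\Root' }
if (Get-ChildItem -Path $store | Where-Object Thumbprint -eq $cert.Thumbprint) {
    Write-Output "Already present in $store"
} else {
    Import-Certificate -FilePath $fullPath -CertStoreLocation $store | Out-Null
    Write-Output "Imported '$($cert.Subject)' into $store"
}
```

Internet Explorer reads the Windows certificate store, so once the root is present there the OWA warning no longer appears on that machine.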

