Re: Should I install my own CA for use with OWA?

From: mmac (no_at_thank.you)
Date: 07/20/04


Date: Mon, 19 Jul 2004 23:23:28 -0700

Hmmm
Got me thinking about FreeSSL now...

"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:OZr7KDibEHA.2944@TK2MSFTNGP11.phx.gbl...
> Another 2 cents.
>
> Unless you intend to make other uses of PKI beyond just
> enabling SSL for OWA you may be best off just buying
> a certificate from a public authority.
>
> 1. None of these. Your root CA should be maintained in an
> off-line state, with day-to-day being handled by a subordinate.
> 2. Not necessarily inform the users, but you would need to touch
> all your client machines so that your CA is a trusted root.
> 3. If you do go the CA route, then enterprise. You do not indicate
> whether your traveling people will only access OWA from
> your mobile devices. If they will use unowned devices, then
> those will not have your CA as trusted and so will not be able
> to establish SSL. Use of a public cert is the most simple and
> inexpensive way to enable any device to successfully use SSL
> for your OWA.
> 4. probably a moot point by now
> 5. see above, in 1
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "mmac" <no@thank.you> wrote in message
> news:upjsidhbEHA.2352@TK2MSFTNGP09.phx.gbl...
> > Using win2k, exchange 2k.
> > I need to enable Outlook Web Access for my traveling people. I understand
> > that to do this properly I need to use SSL. I know next to nothing
> > about this subject so I am running through a TechNet article on the subject
> > and here are the first questions that come to mind. All this is assuming
> > that I should install my own CA. If I shouldn't, why not?
> >
> > 1. I have a webserver, email server, and streaming media server, would it
> > matter which one I installed CA on?
> >
> > 2. Will anything on my existing LAN change when this is completed that I
> > would have to advise users about? Does this become a part of daily life or
> > only when the OWA is accessed?
> >
> > 3. Should I use an Enterprise CA or StandAlone? All legitimate users would
> > obviously have an email account and therefore be in AD so it seems that I
> > would want the Enterprise style. However, the OWA would be accessed from all
> > over the world on any number of outside networks. Does it matter where the
> > OWA would be accessed from?
> >
> > 4. How long should I make the certs valid for?
> >
> > 5. What good would a subordinate CA be for me? If I understand it correctly,
> > none?
> >
> > I will have a bunch more but this is a start. Help?
> >
> >
> >
>
>


