Re: Should I install my own CA for use with OWA?
From: mmac (no_at_thank.you)
Date: Mon, 19 Jul 2004 23:23:28 -0700

Got me thinking about FreeSSL now...

"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> Another 2 cents.
> Unless you intend to make other uses of PKI beyond just
> enabling SSL for OWA you may be best off just buying
> a certificate from a public authority.
> 1. None of these. Your root CA should be maintained in an
> off-line state, with day-to-day being handled by a subordinate.
> 2. Not necessarily inform the users, but you would need to touch
> all your client machines so that your CA is a trusted root.
> 3. If you do go the CA route, then enterprise. You do not indicate
> whether your traveling people will only access OWA from
> your mobile devices. If they will use unowned devices, then
> those will not have your CA as trusted and so will not be able
> to establish SSL. Use of a public cert is the most simple and
> inexpensive way to enable any device to successfully use SSL
> for your OWA.
> 4. Probably a moot point by now.
> 5. See above, in 1.
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "mmac" <firstname.lastname@example.org> wrote in message
> > Using win2k, exchange 2k.
> > I need to enable Outlook Web Access for my traveling people, I
> > that to do this properly I need to use SSL. I know next to
> > about this subject so I am running through a technet article on the
> > and here are the first questions that come to mind. All this is assuming
> > that I should install my own CA. If I shouldn't why not?
> > 1. I have a webserver, email server, and streaming media server, would
> > matter which one I installed CA on?
> > 2. Will anything on my existing LAN change when this is completed that I
> > would have to advise users about? Does this become a part of daily life
> > only when the OWA is accessed?
> > 3. Should I use an Enterprise CA or StandAlone? All legitimate users
> > obviously have an email account and therefore be in AD so it seems that
> > would want the Enterprise style. However, the OWA would be accessed from
> > over the world on any number of outside networks. Does it matter where
> > OWA would be accessed from?
> > 4. How long should I make the Certs Valid for?
> > 5. What good would a subordinate CA be for me? If I understand it
> > none?
> > I will have a bunch more but this is a start. Help?
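
Added example, not part of the thread: a throwaway root CA, subordinate CA and server certificate built with the `openssl` CLI, illustrating points 1 and 3 of the reply above. A client that has the root installed validates the chain; a client with only its default trust store does not. All names (Example Root CA, Example Issuing CA, owa.example.test) are constructed placeholders, and OpenSSL 1.1.0 or later is assumed.

```shell
# Added example; every name below is a constructed placeholder.
owa_trust_demo() {
  d=$(mktemp -d) || return 1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:owa.example.test
EOF
  (
    cd "$d" &&
    # Root CA: self-signed. Per point 1 its key would be kept off-line.
    openssl req -x509 -newkey rsa:2048 -nodes -config pki.cnf -extensions ca_ext \
      -subj "/CN=Example Root CA" -keyout root.key -out root.crt -days 3650 &&
    # Subordinate CA: signed once by the root, then does day-to-day issuance.
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
      -subj "/CN=Example Issuing CA" -keyout sub.key -out sub.csr &&
    openssl x509 -req -in sub.csr -CA root.crt -CAkey root.key -CAcreateserial \
      -extfile pki.cnf -extensions ca_ext -out sub.crt -days 1825 &&
    # Server certificate for the OWA host, issued by the subordinate.
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
      -subj "/CN=owa.example.test" -keyout owa.key -out owa.csr &&
    openssl x509 -req -in owa.csr -CA sub.crt -CAkey sub.key -CAcreateserial \
      -extfile pki.cnf -extensions leaf_ext -out owa.crt -days 365
  ) >/dev/null 2>&1 || { rm -rf "$d"; return 1; }
  # Managed client: the private root has been installed as a trusted root.
  if openssl verify -CAfile "$d/root.crt" -untrusted "$d/sub.crt" "$d/owa.crt" >/dev/null 2>&1
  then managed=trusted; else managed=untrusted; fi
  # Unmanaged client: only the default trust store, which lacks the private root.
  if openssl verify -untrusted "$d/sub.crt" "$d/owa.crt" >/dev/null 2>&1
  then unmanaged=trusted; else unmanaged=untrusted; fi
  rm -rf "$d"
  echo "managed=$managed unmanaged=$unmanaged"
}

owa_trust_demo
```

The server presents the subordinate certificate alongside its own, which is why only the root has to be distributed to clients.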