New Exchange 2007 setup - OWA question about SSL cert
New Exchange 2007 set up on a SBS 2008 server.
What is the simplest way to get rid of the annoying msg for OWA clients about the cert not being valid? I've searched for hours and found all sorts of complicated ways but no simple "step by step" from start to finish. I would like to use Windows CA to generate a cert if possible so I don't have to purchase a 3rd party one (I realize I will have to renew yearly). There's got to be a complete set of instructions out there somewhere?
Thanks,
John
November 17th, 2011 7:42pm
Windows CA is not going to fix the problem because the clients will not trust those certificates. You need to use a commercial certificate.
SBS is a pig because of the way everything integrates.
Personally I only do commercial certificates so that everything works everywhere. $60/year for the certificate.
I have instructions on the process here:
http://exchange.sembee.info/2007/install/multiplenamessl.asp
Along with the special instructions for SBS 2008 here:
http://exchange.sembee.info/2007/install/sbs2008ssl.asp
It is basically the regular certificate method for Exchange 2007, just activated through SBS.
Simon.
Simon Butler, Exchange MVP
November 17th, 2011 8:06pm
Thanks Simon for the response and links.
So there's no way around purchasing a 3rd party cert? I have seen several articles mention installing Windows CA to generate a cert. Why would they propose that if the OWA clients wouldn't trust them?
John
November 18th, 2011 11:30am
People are tight and want to save money and will live with the errors.
The Windows CA is only an option if you have control over 100% of the clients. Even then they would still be a poor choice because of the need to install something on every device.
Simon.
Simon Butler, Exchange MVP
November 18th, 2011 12:49pm
It is a small office and I do have control of the devices. Currently it is about 5 PCs and 5 laptops, and maybe a couple of iPhones/iPads. They are switching from external Gmail and I suggested OWA to save the cost of buying Outlook for each workstation.
The iPhones I will set up using the VPN connection to Exchange. Would this setup work with the Win CA generated cert?
Thanks again for your help.
John
November 18th, 2011 12:58pm
To be honest, it will cost more in consultant and management costs than $60 per year.
So the suggestion is still to buy a 3rd party certificate.
Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82
November 21st, 2011 9:49am
Yes I agree it is much easier and less of a headache to go with a 3rd party cert.
However, if you still wish to go with the internal CA, and you have full control over all machines and they are domain joined, you could look at configuring a group policy to apply the root CA to each machine.
November 22nd, 2011 8:32am
Yes, you can deploy Windows CA and use those certificates.
Just make sure to deploy the root certificate(s) into the devices that are going to use the Windows CA.
http://www.petri.co.il/install_windows_server_2003_ca.htm
Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82
November 24th, 2011 4:52am
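An added example, not posted by anyone in this thread: a PowerShell check to run on a client after the root CA has been deployed, reporting whether that machine trusts the OWA certificate's issuer and whether the certificate covers the name users browse to. The function name `Test-OwaCertificate`, the host name `mail.example.com` and the `.cer` path in the usage note are assumptions.

```powershell
# Run on the client: trust is decided by that machine's certificate stores.
function Test-OwaCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory = $true)]
        [string]$HostName   # the name users type in the browser
    )

    # 1. Chain: does this machine trust the issuing root?
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation is skipped so the result isolates the trust question; an
    # internal CA's CRL is often unreachable from outside the LAN.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk  = $chain.Build($Certificate)
    $problems = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    # 2. Names: subject CN plus Subject Alternative Name entries (OID 2.5.29.17).
    $names = @($Certificate.GetNameInfo('SimpleName', $false))
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format() output is localized; "DNS Name=" is the English-Windows label.
        $names += @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value })
    }
    # Loose match: a wildcard name such as *.example.com is used as a -like pattern.
    $nameOk = @($names | Where-Object { $HostName -like $_ }).Count -gt 0

    $now = Get-Date
    New-Object PSObject -Property @{
        Subject       = $Certificate.Subject
        Issuer        = $Certificate.Issuer
        ChainTrusted  = $chainOk
        ChainProblems = $problems -join ', '
        NameMatches   = $nameOk
        Names         = $names -join ', '
        InValidity    = ($now -ge $Certificate.NotBefore -and $now -le $Certificate.NotAfter)
    }
}

# Offline smoke test with a constructed input: the first certificate already in
# this machine's Trusted Root store (its names will not match the sample host).
$demo = Get-ChildItem Cert:\LocalMachine\Root | Select-Object -First 1
Test-OwaCertificate -Certificate $demo -HostName 'mail.example.com'
```

For the real check, export the OWA certificate to a file, load it with `New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\temp\owa.cer'` (placeholder path) and pass it in with the external host name. `ChainProblems` showing `UntrustedRoot` means the internal root has not reached that machine's Trusted Root store.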