+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 30 of 30
Internet Related/Filtering/Firewall Thread, Exchange ssl cert up for renewal.. who to use? in Technical; ...
  1. #16


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,045
    Thank Post
    231
    Thanked 2,710 Times in 2,001 Posts
    Rep Power
    793
    Quote Originally Posted by RabbieBurns View Post
    Who do you all use for your certificates?
    We use a UCC certificate from GoDaddy for our Exchange 2010 server mainly because they were cheap (£345.48 - 10 domains/5 years using the REV11 discount code for 15% off the total). My only gripe with them is that their support is based in the USA, so it can take a lot longer to get issues resolved (days instead of hours).

    Quote Originally Posted by RabbieBurns View Post
    I'm contemplating getting a wildcard cert so I can install it on the firewall and spam appliance to get rid of the SSL errors, does a wildcard work with exchange (2007 btw)?
    Whether you go with a wildcard certificate depends upon what devices will be accessing your Exchange Server.

    If you want the best of both worlds, you can buy a wildcard certificate from DigiCert which enables you to add SANs to it. I think they are the only company that does this, so will be a bit more expensive than GoDaddy.

  2. 2 Thanks to Arthur:

    RabbieBurns (24th February 2011), sonofsanta (9th March 2011)

  3. #17

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,527
    Thank Post
    1,339
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    199
    Just spoke to GoDaddy (they have a local sydney number, was answered in 10 mins) and was speaking to their USA dept.

    Will go for their UCC cert for now, cheers for the discount codes.

  4. #18

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,527
    Thank Post
    1,339
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    199
    also, is there anything to be aware of if I update the cert during office hours. Will Outlook bitch? Will the server need a restart?

  5. #19
    InterwebsGuy's Avatar
    Join Date
    Jan 2011
    Posts
    229
    Thank Post
    58
    Thanked 23 Times in 23 Posts
    Rep Power
    11

  6. Thanks to InterwebsGuy from:

    RabbieBurns (24th February 2011)

  7. #20

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,744
    Thank Post
    914
    Thanked 1,334 Times in 814 Posts
    Blog Entries
    1
    Rep Power
    447
    Quote Originally Posted by clarky2k3 View Post
    We get ours from trustico
    We get from them too, this is literally the cert we use (and dont buy exchange specific ones) QuickSSL® Premium For Only £65.20 - Secure Mobile Devices, Issued Within Minutes, Free GeoTrust® Site Seal (UK)

  8. Thanks to ZeroHour from:

    RabbieBurns (24th February 2011)

  9. #21

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,527
    Thank Post
    1,339
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    199
    Ordered a 5 domains/5 years using the REV11 discount code for 15% off the total, from GoDaddy, with big thanks to Arthur. Total was $300 AUD which is less than a third of the cost of the price of a single cert for a single year from verisign! In the good books today saving them a fair chunk of cash. Also, phoned their support twice today and got straight through (less than 10 mins wait)

    Cheers for all the other suggestions too folks, and hopefully this thread will be helpful to others in the same boat too..

  10. #22

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,068
    Thank Post
    160
    Thanked 925 Times in 727 Posts
    Blog Entries
    3
    Rep Power
    273
    I use RAPIDSSL Certificates and they are fairly cheap to be honest I have used godaddy in the past but there verification process seems to be a pain if you are in a school.

    James.

  11. #23

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,527
    Thank Post
    1,339
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    199
    whats bad about their verif. process?

    the 2 emails I used to sign up with (billing and tech. contact) are the same 2 email addresses listed on our WHOIS not sure if that will make it faster?

    What issues did you have?

  12. #24

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,068
    Thank Post
    160
    Thanked 925 Times in 727 Posts
    Blog Entries
    3
    Rep Power
    273
    Quote Originally Posted by RabbieBurns View Post
    whats bad about their verif. process?

    the 2 emails I used to sign up with (billing and tech. contact) are the same 2 email addresses listed on our WHOIS not sure if that will make it faster?

    What issues did you have?
    They needed to basically verify that i was asking for it from the school, but then school level was not good enough so i had to get the LEA to do it.

    James.

  13. #25
    IanT's Avatar
    Join Date
    Aug 2008
    Location
    @ the back of my server racks farting.....
    Posts
    1,891
    Thank Post
    2
    Thanked 118 Times in 109 Posts
    Rep Power
    60
    Comodo SSL Certificates I use

  14. #26

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,999
    Thank Post
    868
    Thanked 1,456 Times in 1,001 Posts
    Blog Entries
    47
    Rep Power
    642
    So just looking at getting a UCC cert for Exchange, but would also love to shoehorn it into service for ePortal (internal and external) and my Smoothwall (internal). Is there any harm in just sticking all 9/10 subdomains and aliases in the one UCC and importing that same certificate on the 3 different servers? And if it can be done, when I run the New-ExchangeCertificate command on Exch2007, should I provide all the subdomains I'm buying for, even the non-email (i.e. eportal) subdomains?

    Sorry to be a pain!

  15. #27

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,527
    Thank Post
    1,339
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    199
    Id guess so yes.

    I used this wizard to help generate the Exchange Shell Command I needed for all my domains:

    https://www.digicert.com/easy-csr/exchange2010.htm

    It says 2010 but it worked fine for my 2007 server

  16. #28

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,999
    Thank Post
    868
    Thanked 1,456 Times in 1,001 Posts
    Blog Entries
    47
    Rep Power
    642
    Quote Originally Posted by RabbieBurns View Post
    Id guess so yes.

    I used this wizard to help generate the Exchange Shell Command I needed for all my domains:

    https://www.digicert.com/easy-csr/exchange2010.htm

    It says 2010 but it worked fine for my 2007 server
    I've got the 2k7 version of that open in another tab right now and that's what got me wondering - as that's generating the EMS command, does Exchange really need to be told all the eportal stuff? But then, would it hurt if I did?

  17. #29

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,527
    Thank Post
    1,339
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    199
    it needs to be in, as it is used and embedded in the certificate request

  18. Thanks to RabbieBurns from:

    sonofsanta (2nd March 2011)

  19. #30

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,999
    Thank Post
    868
    Thanked 1,456 Times in 1,001 Posts
    Blog Entries
    47
    Rep Power
    642
    Certificate in, working, cheap (& discounted, thanks Arthur), everything seems dandy.

    GoDaddy support was fine for me, by the by - the automatic approval malarkey didn't work because it couldn't work out that lincs.sch.uk was the TLD in itself, it thought we owned the domain sch.uk and everything else was a subdomain - but got through to someone on phone support within a few minutes and had it all sorted by e-mail that evening. Dead simple.

    Thanks everyone!

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Replies: 3
    Last Post: 29th November 2010, 01:10 PM
  2. Exchange 2007 SSL Cert Generation
    By wesleyw in forum How do you do....it?
    Replies: 7
    Last Post: 10th August 2010, 11:39 PM
  3. Exchange 2007 Server Wildcard SSL CERT
    By wesleyw in forum Windows
    Replies: 0
    Last Post: 14th August 2009, 12:21 PM
  4. SSL cert
    By wesleyw in forum Windows
    Replies: 2
    Last Post: 13th August 2009, 09:21 AM
  5. Replies: 1
    Last Post: 18th April 2008, 09:31 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •