+ Post New Thread
Results 1 to 11 of 11
Internet Related/Filtering/Firewall Thread, SSL Certs with no intermediate stuff in Technical; Not really delt with Certs much but I thought it'd be nice to offer SSL over OWA ) I need ...
  1. #1

    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,830
    Thank Post
    219
    Thanked 271 Times in 219 Posts
    Rep Power
    69

    SSL Certs with no intermediate stuff

    Not really delt with Certs much but I thought it'd be nice to offer SSL over OWA ) I need to buy a cert but I'd rather not have the additional pain of using intermediate certs.

    btw is it worth getting a wildcard cert? or is it a service?

    Plus if anyone has a nice clear guide on using certs with exchange 2007 that'd be nice to. (I know enough to refresh my Self certs but thats it)

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,313
    Thank Post
    901
    Thanked 1,798 Times in 1,549 Posts
    Blog Entries
    12
    Rep Power
    466
    for exchange you will need a SAN cert and include the internal name of your Exchange server. If you dont your outlook clients will give your certificate errors. You can use a wildcard and do this with Exchange but i am not sure if it is supported.

  3. #3

    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,830
    Thank Post
    219
    Thanked 271 Times in 219 Posts
    Rep Power
    69
    Oh? I cant just get a cert for the IIS and leave the rest self cert?

  4. #4

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    78
    You can, OWA just uses IIS, so you can use a 3rd party cert for simplcity.

  5. #5

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,313
    Thank Post
    901
    Thanked 1,798 Times in 1,549 Posts
    Blog Entries
    12
    Rep Power
    466
    Erm i have a feeling you cant in exchange @sukh might know

  6. #6

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,268
    Thank Post
    884
    Thanked 2,747 Times in 2,321 Posts
    Blog Entries
    11
    Rep Power
    785
    You can use a non SAN cert in exchange but you must use split DNS and mess with the autodiscover and other internal URLs to make them all use the same domains internally and externally.

  7. #7

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    78
    For simplicity, get a 3rd part cert otherwsie end users will get cert prompts. If you do get a 3rd part cert, then you simply assign this to the services you want, i.e IIS, SMTP, IMAP4 etc..

    Get the name you want in the cert, make sure to get your common name correct and that's just about it.

  8. #8

    Join Date
    Nov 2010
    Location
    California
    Posts
    137
    Thank Post
    0
    Thanked 24 Times in 22 Posts
    Rep Power
    13
    I would just do it the proper way and get a UCC/SAN cert. We use GoDaddy for this as they are pretty cheap.

    This way its the recommended format, it works properly and you dont have to do any special configs.

  9. #9


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,620
    Thank Post
    250
    Thanked 2,904 Times in 2,137 Posts
    Rep Power
    829
    Quote Originally Posted by chazzy2501 View Post
    I'd rather not have the additional pain of using intermediate certs.
    You are going to have to pay a lot more if you don't want an intermediate certificate. I can't see the "pain" being worth the additional cost personally.

    For a 5 domain 3 year UCC, GoDaddy charge $215.97 (£140.48) whereas DigiCert charge $928 (£603.62). A difference of £463.14!

  10. #10

    Join Date
    Nov 2010
    Location
    California
    Posts
    137
    Thank Post
    0
    Thanked 24 Times in 22 Posts
    Rep Power
    13
    What do you mean additional pain of an intermediate cert? You download it, put it in the intermediate store of your exchange server and voila! done.

  11. #11
    grant_girdwood's Avatar
    Join Date
    Jun 2012
    Location
    Bloxx HQ
    Posts
    54
    Thank Post
    2
    Thanked 11 Times in 10 Posts
    Rep Power
    7
    We use a wildcard certificate to cover our OWA and other external services we provide.



SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 3
    Last Post: 29th November 2010, 02:10 PM
  2. Replies: 7
    Last Post: 4th August 2008, 02:50 PM
  3. Error with NEW SSL Cert in OWA
    By ICTNUT in forum Windows
    Replies: 3
    Last Post: 15th November 2007, 09:35 AM
  4. Replies: 3
    Last Post: 6th November 2006, 08:50 PM
  5. Creating a "normal.dot" with no toolbars
    By contink in forum How do you do....it?
    Replies: 2
    Last Post: 11th October 2006, 02:44 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •