+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 21
Windows Server 2008 R2 Thread, exchange 2007 certificates in Technical; Time has come for us to purchase a certificate for the owa services on our exchange 2007 machine. Which certificate ...
  1. #1

    Join Date
    May 2010
    Posts
    1,056
    Thank Post
    106
    Thanked 89 Times in 66 Posts
    Rep Power
    49

    exchange 2007 certificates

    Time has come for us to purchase a certificate for the owa services on our exchange 2007 machine.
    Which certificate do I need ? and can anyone recommend a supplier ? - not 123-reg as they are being annoying.

    I was thinking of a free single domain cert from startssl and using this guide Exchange - Exchange 2007 Single Name SSL Certificate | Amset.info - but would rather have as little hassle as possible.

  2. #2

    HarryMonkey's Avatar
    Join Date
    Mar 2007
    Location
    Bedford
    Posts
    1,134
    Thank Post
    56
    Thanked 217 Times in 164 Posts
    Rep Power
    173

  3. #3

    Join Date
    May 2010
    Posts
    1,056
    Thank Post
    106
    Thanked 89 Times in 66 Posts
    Rep Power
    49
    cheers, but we don't have an .edu domain, trying to find cheapest ucc cert now

  4. #4

    HarryMonkey's Avatar
    Join Date
    Mar 2007
    Location
    Bedford
    Posts
    1,134
    Thank Post
    56
    Thanked 217 Times in 164 Posts
    Rep Power
    173
    Quote Originally Posted by caffrey View Post
    cheers, but we don't have an .edu domain, trying to find cheapest ucc cert now
    Neither do we ours is .org.uk

  5. #5

    Join Date
    May 2010
    Posts
    1,056
    Thank Post
    106
    Thanked 89 Times in 66 Posts
    Rep Power
    49
    ah ok, so it works as long as its an educational establishment, just the .edu threw me - thanks!

  6. #6

    Join Date
    May 2010
    Posts
    1,056
    Thank Post
    106
    Thanked 89 Times in 66 Posts
    Rep Power
    49
    are these free ones ucc ?

  7. #7

    Join Date
    Jun 2007
    Location
    London
    Posts
    894
    Thank Post
    64
    Thanked 171 Times in 140 Posts
    Rep Power
    55
    If you've got an AD then why not set up your own CA and issue from there - saves a whole lot of problems, especially if (like me) you keep issuing the certificate for the wrong domain name/purpose - quite trickey with Exch 2010 & I presume 2007 is the same.

  8. #8

    HarryMonkey's Avatar
    Join Date
    Mar 2007
    Location
    Bedford
    Posts
    1,134
    Thank Post
    56
    Thanked 217 Times in 164 Posts
    Rep Power
    173
    But then this causes problems with OWA as it's not a trusted certificate.

    You might want to have a look here ...

    How to create a certificate request for an Exchange 2007 UCC

  9. #9

    Join Date
    May 2010
    Posts
    1,056
    Thank Post
    106
    Thanked 89 Times in 66 Posts
    Rep Power
    49
    I did / had no issues with own CA, however with all this snow, suddenly everyones using owa - and people want it fixing now even tho i've explained how to click past the cert error.
    I did use digicert to create the CSR and i'm currently waiting on ipsca now. Bit concerned as to wether its a ucc tho ?

    this seems a good straightforward document for certs Sembee | Exchange 2007 and SSL Certificates - Take 2

  10. #10

    Join Date
    Jun 2007
    Location
    London
    Posts
    894
    Thank Post
    64
    Thanked 171 Times in 140 Posts
    Rep Power
    55
    Quote Originally Posted by stevenewman View Post
    But then this causes problems with OWA as it's not a trusted certificate
    On Domain computers you can use a GPO to install the CA certificate (i.e. your own CA) in their Trusted store, then all issued certifcates will automatically be trusted. For non-domain computers, if you're in a school I don't see why you can't tell your users either to ignore the OWA certificate's 'not-trusted' pop-up or else to add the cert to their trusted store manually. Works nicely for us. (edit: ah, just read your last post - maybe your users are too thick for this!)

  11. #11

    Join Date
    May 2010
    Posts
    1,056
    Thank Post
    106
    Thanked 89 Times in 66 Posts
    Rep Power
    49
    they see big warning signs and run away - not a bad attitude i admit, but they should read and see what it says first.

    well got the certificate from ipsca now time to break things i guess ;p

  12. #12

    Join Date
    May 2010
    Posts
    1,056
    Thank Post
    106
    Thanked 89 Times in 66 Posts
    Rep Power
    49
    well installed, and with a bit of messing got it to work (cert errors in outlook internally but was easy enough to fix), thanks for the link

    cert doesnt seem to be trusted in firefox tho ?

  13. #13

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    I know you shouldn't knock a free.. but IPSCA was a bit of a pain for OWA last time I went near one. You need to make sure you have reasonably current MS cert updates on Windows OS's which isn't very predictable for home PCs, you also need to install and serve up the intermediate certs on the Exchange server etc. May well be fixable because I spent very little time on it, but I gave up on trying to figure out how to make Firefox happy.

    All-in-all it wasn't obvious that this was easier than using your own CA, and then giving your users the CA cer file to install on any non-domain machines. OWA is not a general public web service after all, the user's are your own and can be told that if they want the warnings gone strongly enough then all they need to do is...

  14. #14

    Join Date
    May 2010
    Posts
    1,056
    Thank Post
    106
    Thanked 89 Times in 66 Posts
    Rep Power
    49
    I've since done a bit of reading about IPSCA and it seems they are only really supported by Microsoft.
    I've tried our owa in osx, linux and windows (xp and 7) and found it only works on windows with chrome or IE (7,8,9) (not firefox) so not that much better than a self cert
    shame really might have to consider getting a multi domain from godaddy or similar, that or plead ignorance and say our IT dept. only supports windows and microsoft browsers ;p

    BTW I tried using 123-reg but their support is terrible, I just couldn't get the CSRs to work on their site and the delay in responding to questions was horrendous!

  15. #15

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    888
    Thank Post
    282
    Thanked 139 Times in 112 Posts
    Blog Entries
    27
    Rep Power
    42
    We use ipSCA for our certificates and all work well with our Exchange OWA, VLE and for remote access.

    The only browser complaining at the moment about them is Firefox, why its taken so long I don't know. I did look on the bug/request list for Firefox and apparently the developers have asked for more info from ipSCA but have not recieved it for some reason. I've already had one parent querying the certificate while their child accessed our VLE but I wrote a short e-mail explaining the situation.

    Saves a bit of money for the school, I know certs are cheaper these days but a saving is a saving.

    As mentioned you don't need a .edu domain, I got ours for our .sch.uk domain but the education certificates are manually checked (takes a bit longer) but work fine.

    Pete

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. in a muddle with exchange 2010 sp1 (owa and certificates)
    By sacrej in forum Windows Server 2008 R2
    Replies: 5
    Last Post: 13th October 2010, 09:26 AM
  2. Moving exchange 2007 to another exchange 2007 box
    By irsprint84 in forum Windows Server 2008
    Replies: 7
    Last Post: 7th September 2010, 09:10 AM
  3. Exchange 2007 Moss 2007 offline
    By imiddleton25 in forum Windows
    Replies: 0
    Last Post: 10th November 2009, 10:13 AM
  4. SSL Certificates for Exchange 2007
    By jdibsdale in forum Windows
    Replies: 14
    Last Post: 29th May 2009, 06:40 PM
  5. Replies: 0
    Last Post: 12th September 2008, 09:34 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •