We used these ... free for schools ... SSL Certificates SSL Wildcard SSL Free Certificates SSL Server Certificate 256 bits
Time has come for us to purchase a certificate for the owa services on our exchange 2007 machine.
Which certificate do I need ? and can anyone recommend a supplier ? - not 123-reg as they are being annoying.
I was thinking of a free single domain cert from startssl and using this guide Exchange - Exchange 2007 Single Name SSL Certificate | Amset.info - but would rather have as little hassle as possible.
cheers, but we don't have an .edu domain, trying to find cheapest ucc cert now
ah ok, so it works as long as its an educational establishment, just the .edu threw me - thanks!
are these free ones ucc ?
If you've got an AD then why not set up your own CA and issue from there - saves a whole lot of problems, especially if (like me) you keep issuing the certificate for the wrong domain name/purpose - quite trickey with Exch 2010 & I presume 2007 is the same.
I did / had no issues with own CA, however with all this snow, suddenly everyones using owa - and people want it fixing now even tho i've explained how to click past the cert error.
I did use digicert to create the CSR and i'm currently waiting on ipsca now. Bit concerned as to wether its a ucc tho ?
this seems a good straightforward document for certs Sembee | Exchange 2007 and SSL Certificates - Take 2
they see big warning signs and run away - not a bad attitude i admit, but they should read and see what it says first.
well got the certificate from ipsca now time to break things i guess ;p
well installed, and with a bit of messing got it to work (cert errors in outlook internally but was easy enough to fix), thanks for the link
cert doesnt seem to be trusted in firefox tho ?
I know you shouldn't knock a free.. but IPSCA was a bit of a pain for OWA last time I went near one. You need to make sure you have reasonably current MS cert updates on Windows OS's which isn't very predictable for home PCs, you also need to install and serve up the intermediate certs on the Exchange server etc. May well be fixable because I spent very little time on it, but I gave up on trying to figure out how to make Firefox happy.
All-in-all it wasn't obvious that this was easier than using your own CA, and then giving your users the CA cer file to install on any non-domain machines. OWA is not a general public web service after all, the user's are your own and can be told that if they want the warnings gone strongly enough then all they need to do is...
I've since done a bit of reading about IPSCA and it seems they are only really supported by Microsoft.
I've tried our owa in osx, linux and windows (xp and 7) and found it only works on windows with chrome or IE (7,8,9) (not firefox) so not that much better than a self cert
shame really might have to consider getting a multi domain from godaddy or similar, that or plead ignorance and say our IT dept. only supports windows and microsoft browsers ;p
BTW I tried using 123-reg but their support is terrible, I just couldn't get the CSRs to work on their site and the delay in responding to questions was horrendous!
We use ipSCA for our certificates and all work well with our Exchange OWA, VLE and for remote access.
The only browser complaining at the moment about them is Firefox, why its taken so long I don't know. I did look on the bug/request list for Firefox and apparently the developers have asked for more info from ipSCA but have not recieved it for some reason. I've already had one parent querying the certificate while their child accessed our VLE but I wrote a short e-mail explaining the situation.
Saves a bit of money for the school, I know certs are cheaper these days but a saving is a saving.
As mentioned you don't need a .edu domain, I got ours for our .sch.uk domain but the education certificates are manually checked (takes a bit longer) but work fine.
There are currently 1 users browsing this thread. (0 members and 1 guests)