Home > Exchange > Exchange Certificates

Exchange Certificates

A few people are now asking me about SSL certificates with Exchange 2007, with good reason.
 
In Exchange 2003, administratoras were advised to accquire a cert for services such as OWA and Activesync.
In Exchange 2007, we now have out-of-the-box self-signed certs applied by default to get us started, but they should only be used as a short term measure (eg during testing), and be replaced before servers go into production.
 
To replace, we need either a) an online CA, b) our own in-house CA server to obtain one from.
One costs £, one is ‘free’ of cost, but both have pro’s and con’s.
 
Smaller organisations will typically opt for in-house certs as the cost is only that of installing/maintaining certificate services. With that, they can use the CA for other cert needs too, such as IPSec or VPN’s, and user-based S/MIME uses in OWA/Outlook.
 
Bigger organisations will typically pay around £100/year or so for Internet-based CA certificates. The advantage here is public visibility. Users will not be prompted by the browser whether or not they trust the issuer.  This is also a lot easier when it comes to Activesync mobiles too, as they have a pre-built list of trusted root CA’s.
 
Either way, you will want to look into SAN’s (subject alternate names) and enabling the same cert for different uses eg POP/HTTPS etc.
See Technet here for details and EMS code examples.
 
Happy cert’ing 🙂
Advertisements
Categories: Exchange
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: