Author Topic: SSL certs, geeky Internet question (Read 439 times)

lee n. field · « **on:** February 20, 2012, 12:35:02 PM »

Looks like I need to get a signed SSL certificate for an Exchange server for a customer.

What's out there, adequate at least cost? Single site, single exchange server.

41magsnub · « **Reply #1 on:** February 20, 2012, 12:45:45 PM »

Exchange 2007 or newer where a multi-name cert would be nice? We use http://certificatesforexchange.com/

We buy the standard SSL cert with UCC enabled for cost of $59.99/yr

They are a godaddy reseller which pains me some.

Otherwise, we get a cheap $10/yr single name cert from Enom

RevDisk · « **Reply #2 on:** February 20, 2012, 01:51:10 PM »

Quote from: lee n. field on February 20, 2012, 12:35:02 PM

Looks like I need to get a signed SSL certificate for an Exchange server for a customer.

What's out there, adequate at least cost? Single site, single exchange server.

http://en.wikipedia.org/wiki/Comparison_of_SSL_certificates_for_web_servers

Basically, ignore the cheapest and most expensive vendors. Comodo is alright. For the love of the odd Gods, do not go with GoDaddy.

Any certificate authority is basically two steps from being essentially a scam artist. I won't rant on the shortcomings of SSL, but basically it was a good idea for the early to mid 90's. Now it's hideously expensive, relatively poor security but better than nothing.

41magsnub · « **Reply #3 on:** February 20, 2012, 02:20:49 PM »

I guess a question would be what is the intent? Assuming exchange 2007 or 2010 in a small single server environment to make the self-signed certificate errors go away when accessing OWA?

If you drop a single name cert on exchange for that and the internal name does not match the external name (servername.ADdomain.local vs mail.publicdomain.com) then OWA will have a nice happy matching SSL cert but now when outlook 2007 or newer connect to the server it will generate an error on the client side. If you put in a UCC cert you can have the cert be valid for both the public and private names.

As much as godaddy can bite my ass, we have yet to find a UCC cert provider that is anywhere near the same ballpark for pricing on a UCC cert. In most cases, the above is the ONLY reason for the existence of the SSL cert at all so $60/yr vs ~$250/yr is a tough sell for a small business.

lee n. field · « **Reply #4 on:** February 20, 2012, 02:36:53 PM »

Quote from: 41magsnub on February 20, 2012, 02:20:49 PM

I guess a question would be what is the intent? Assuming exchange 2007 or 2010 in a small single server environment to make the self-signed certificate errors go away when accessing OWA?

That's exactly it. And, lot's of "it's asking for my password", which I'm guessing is related.

Quote

If you drop a single name cert on exchange for that and the internal name does not match the external name (servername.ADdomain.local vs mail.publicdomain.com) then OWA will have a nice happy matching SSL cert but now when outlook 2007 or newer connect to the server it will generate an error on the client side. If you put in a UCC cert you can have the cert be valid for both the public and private names.

As much as godaddy can bite my ass, we have yet to find a UCC cert provider that is anywhere near the same ballpark for pricing on a UCC cert. In most cases, the above is the ONLY reason for the existence of the SSL cert at all so $60/yr vs ~$250/yr is a tough sell for a small business.

Armed Polite Society

News:

Author Topic: SSL certs, geeky Internet question (Read 439 times)

lee n. field

SSL certs, geeky Internet question

41magsnub

Re: SSL certs, geeky Internet question

RevDisk

Re: SSL certs, geeky Internet question

41magsnub

Re: SSL certs, geeky Internet question

lee n. field

Re: SSL certs, geeky Internet question