While I agree that 3rd-party certs are easier to install/manage, I would strongly disagree with your assertion that "homegrown" certs can not be made trusted. That is really not true at all. If you have your CA setup correctly (no easy task, mind you), homebrews or imports taste the same to your clients.
Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Friday, June 13, 2003 7:40 AM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL Both will work. What you get with a third party cert is the assertion that the server to which your clients are connecting is truly part of your domain (i.e. traffic isn't being hijacked to a rogue server in order to steal passwords, etc.) With a cert from a homegrown server, your users will always get a message when they connect to your OWA server that the cert cannot be verified. The server is effectively saying "give me your password, please. You can trust me because I say I can be trusted. Here's proof that I generated that says I can be trusted." Users can be trained to ignore the cert error. In my opinion it's not as clean of an implementation and the $700 for a third party cert is justified. ********************************* * Erik Sojka, MOS, MCSE * * Asst. VP, Technology Services * * [EMAIL PROTECTED] * ********************************* > > -----Original Message----- > From: Scott Force [mailto:[EMAIL PROTECTED] > Sent: Friday, June 13, 2003 10:32 AM > To: Exchange Discussions > > I've setup OWA (5.5/6a) and I now want to secure it with SSL. > I have a > stand alone 2000 server where IIS and OWA are installed in an NT 4.0 > domain. Do I have to install Certificate Services on the > 2000 server or > can I use one from a third party (ie VeriSign) vendor? > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]