I also read that is recommended that a standalones should be setup outside the network. But if you decide for an Enterprise installation you can also do secure e-mail encryption, logons, smartcards, etc.
Nelson -----Original Message----- From: Crouthamel, Jonathan [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 07, 2002 6:21 AM To: MS-Exchange Admin Issues Subject: RE: SSL on OWA >From my reading there seems to be two main ones to choose from. Enterprise and Standalone. The Enterprise is AD aware and can issue certs to machines automatically. I did read somewhere that the standalone CA can be a security risk if installed into AD. Has anybody else heard this? Anyway, getting a little off topic. If I understand this correctly, when one of my users connects to our OWA server they are not requesting a cert, they are just establishing a secure connection...right??? So when white papers state that if you are issuing certs to users outside your organization you should use a standalone CA, this is not applicable to my situation...right???? :) Jonathan -----Original Message----- From: Ben Winzenz [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 07, 2002 8:55 AM To: MS-Exchange Admin Issues Subject: RE: SSL on OWA Sounds like you might benefit from your own CA then. Isn't there an option to install Enterprise Standalone CA? Been awhile since I did my last install. Do remember also that once you install the cert and assign it to the web page, you will always get that notification window stating that the cert could not be verified to be from a trusted source, or something like that. It will work fine though. Ben Winzenz, MCSE Network/Systems Administrator Peregrine Systems -----Original Message----- From: Crouthamel, Jonathan [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 07, 2002 8:36 AM To: MS-Exchange Admin Issues Subject: RE: SSL on OWA Our current cert is nearing expiration. Verisign has also opted to up the cost to almost 900 bucks. With aspirations of putting a cert on the workstyle server as well as some secure web sites we are looking to an alternative to verisign. With CA built into windows it seems like a good alternative. Jonathan -----Original Message----- From: David White [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 06, 2002 5:56 PM To: MS-Exchange Admin Issues Subject: RE: SSL on OWA Not sure you need to set up a CA at all. Just use the cert and you will be fine. David -----Original Message----- From: Crouthamel, Jonathan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 06, 2002 10:28 AM To: MS-Exchange Admin Issues Subject: SSL on OWA Hi all, We currently have a cert from verisign to enable ssl for our OWA users. We are in the process of setting up Windows 2000 Certificate Authority on our test network and are stumped with the first option of what to install, enterprise or standalone CA. We don't want to issue certificates to users on the outside, we just want them to establish a secure connection with our OWA server like it is currently configured with the verisign cert. Any insight is appreciated. Thanks. Jonathan Crouthamel - MCSE/CNA Technical Services Supervisor Systems Administrator Datavision-Prologix, Inc. Phone: 215.442.7400 x1150 Email: [EMAIL PROTECTED] *** CONFIDENTIALITY NOTICE *** Privileged/Confidential Information may be contained in this message and/or its attachments. This message and its attachments are intended only for use by the individual(s) listed as the recipient(s). If you are not one of the intended recipient(s), or responsible for delivery of the message to such person, you are hereby notified that any disclosure, copying, distribution, or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this message in error, please notify the sender by return email and destroy all copies of the email. Opinions, conclusions and other information in this message that do not relate to official company business shall be understood as neither given nor endorsed by the company. List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm *** CONFIDENTIALITY NOTICE *** Privileged/Confidential Information may be contained in this message and/or its attachments. This message and its attachments are intended only for use by the individual(s) listed as the recipient(s). If you are not one of the intended recipient(s), or responsible for delivery of the message to such person, you are hereby notified that any disclosure, copying, distribution, or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this message in error, please notify the sender by return email and destroy all copies of the email. Opinions, conclusions and other information in this message that do not relate to official company business shall be understood as neither given nor endorsed by the company. List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm *** CONFIDENTIALITY NOTICE *** Privileged/Confidential Information may be contained in this message and/or its attachments. This message and its attachments are intended only for use by the individual(s) listed as the recipient(s). If you are not one of the intended recipient(s), or responsible for delivery of the message to such person, you are hereby notified that any disclosure, copying, distribution, or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this message in error, please notify the sender by return email and destroy all copies of the email. Opinions, conclusions and other information in this message that do not relate to official company business shall be understood as neither given nor endorsed by the company. List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm This electronic message and any attachments contain information which is confidential and may be legally privileged. The information is intended solely for the individual or entity named above and access by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm