You can certainly use a homemade cert. Users will get a warning that they will have to click through (annoying and does not enforce best practices). Depending on their browser config they may not be allowed access at all. Additionally, we have found that with some browsers users will get annoying warnings and popups as they navigate through their OWA sessions, hence us going from an internal cert to GoDaddy. Good luck! I know it can be difficult to get other people to understand what is right.
________________________________
From: Joe Heaton [mailto:jhea...@etp.ca.gov]
Sent: Tuesday, July 21, 2009 11:46 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA / SSL question

I know about GoDaddy, and recommend it every time any of our 4 SSL certs come up for renewal. But the manager wants to stay with the "industry standard" Verisign. I'm the kind of guy that buys the Shasta colas, or the Sam's colas, because it's pretty much the same thing at half the price.

I have also looked at generating our own cert, which really makes sense for this purpose, as it's only internal users that will be accessing OWA. What could they face from home, if I use a homemade cert? Are there browser issues, with certain browsers not liking homemade certs?

Joe Heaton
Employment Training Panel

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com]
Sent: Tuesday, July 21, 2009 8:42 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA / SSL question

If your cert expires, users will have to either configure their browsers to allow them to go to the site, or click through warning/error messages to get there. I would believe depending on your mobile phone setup those users will have similar problems. Have you looked into generating your own internal certificate?

CHEAP: I got 3 year SSL Cert for OWA from GoDaddy.com for $67.47

________________________________
From: Joe Heaton [mailto:jhea...@etp.ca.gov]
Sent: Tuesday, July 21, 2009 11:27 AM
To: MS-Exchange Admin Issues
Subject: OWA / SSL question

Guys,

Due to the budget issues here in California, my agency is down to the wire with renewing our SSL cert for Exchange. I've already told my manager that we can easily go with one of the cheaper alternatives, and have the same security, but she's really wanting to stick with Verisign. Due to this, our SSL cert may end up expiring. I've told her that the impact would be that I would have to turn off OWA. In addition, wouldn't our phones be affected? We're using ActiveSync on our Windows Mobile devices, and requiring the SSL connection. Would we be able to make a secure SSL connection without the cert? I'm thinking this is possibly a stupid question, but my brain is really fuzzy this morning.

Joe Heaton
AISA
Employment Training Panel
1100 J Street, 4th Floor
Sacramento, CA 95814
(916) 327-5276
jhea...@etp.ca.gov