#2 is not necessarily true. I did not install the self-signed cert into my iPhone.
On Tue, Jul 21, 2009 at 12:27 PM, Peter Johnson <peter.john...@peterstow.com > wrote: > With regards to this issue I believe the following is true with a self > signed certificate > > > > 1.) On the browsers the users would have to agree to continue to the > site everytime until they add the certificate to the machine. This is a pain > particularly with mobile users and OWA access from ad-hoc computers such as > Internet Kiosks etc. > > 2.) Mobile phones using activesync will not work until the self signed > cert is installed onto the device. This becomes an admin overhead. > > > > The worst case is if you have to rebuild the server in disaster recovery u > generate a new certificate and the entire cycle starts all over again. I’ve > been through this and it’s not fun!! > > > > With regards to certificates I’ve used Digicert a few times and always had > good results particularly with SAN certificates which you will need for > Exchange 2007 going forward. > > > > Regards > > Peter Johnson > > > > > > > > > > *From:* Joe Heaton [mailto:jhea...@etp.ca.gov] > *Sent:* 21 July 2009 16:46 > > *To:* MS-Exchange Admin Issues > *Subject:* RE: OWA / SSL question > > > > I know about GoDaddy, and recommend it every time any of our 4 SSL certs > come up for renewal. But the manager wants to stay with the “industry > standard” Verisign. I’m the kind of guy that buys the Shasta colas, or the > Sam’s colas, because it’s pretty much the same thing at half the price. > > > > I have also looked at generating our own cert, which really makes sense for > this purpose, as it’s only internal users that will be accessing OWA. What > could they face from home, if I use a homemade cert? Are there browser > issues, with certain browsers not liking homemade certs? > > > > Joe Heaton > > Employment Training Panel > > > > *From:* David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] > *Sent:* Tuesday, July 21, 2009 8:42 AM > *To:* MS-Exchange Admin Issues > *Subject:* RE: OWA / SSL question > > > > If your cert expires, users will have to either configure their browsers to > allow them to go the site, or click through warning/error messages to get > there. > > I would believe depending on your mobile phone setup those users will have > similar problems. > > Have you looked into generating your own internal certificate? > > > > CHEAP: I got 3 year SSL Cert for OWA from GoDaddy.com for $67.47 > > > > > ------------------------------ > > *From:* Joe Heaton [mailto:jhea...@etp.ca.gov] > *Sent:* Tuesday, July 21, 2009 11:27 AM > *To:* MS-Exchange Admin Issues > *Subject:* OWA / SSL question > > Guys, > > > > Due to the budget issues here in California, my agency is down to the wire > with renewing our SSL cert for Exchange. I’ve already told my manager that > we can easily go with one of the cheaper alternatives, and have the same > security, but she’s really wanting to stick with Verisign. Due to this, our > SSL cert may end up expiring. I’ve told her that the impact would be that I > would have to turn off OWA. In addition, wouldn’t our phones be affected? > We’re using Activesync on our Windows Mobile devices, and requiring the SSL > connection. Would we be able to make a secure SSL connection without the > cert? I’m thinking this is possibly a stupid question, but my brain is > really fuzzy this morning. > > > > Joe Heaton > > AISA > > Employment Training Panel > > 1100 J Street, 4th Floor > > Sacramento, CA 95814 > > (916) 327-5276 > > jhea...@etp.ca.gov > > >
<<image002.jpg>>
<<image001.jpg>>
