In a privately-held corporation, the owner trumps any EVP, SVP, or PHB!

-----Original Message-----
From: Don Andrews [mailto:don.andr...@safeway.com]
Sent: Wednesday, July 22, 2009 2:56 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA / SSL question

We have a nice EVP authored policy that says;

<quote>
[The company] maintains a policy that all individual communication services are owned by [the company] and are intended solely for business use. [The company] does not allow employee-owned communication devices or mobile numbers to become corporate devices. There will be no exceptions made to Corporate Ownership.
<unquote>

This has been tested several times and the same answer comes back - what part of no don't you understand? iPhones are not on the list of cell phone choices for company phones. Blackberries are but not including the storm.

-----Original Message-----
From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: Wednesday, July 22, 2009 10:40 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA / SSL question

We said "no", then our owner said "yes". We said "well, ok then"

-----Original Message-----
From: Don Andrews [mailto:don.andr...@safeway.com]
Sent: Wednesday, July 22, 2009 12:34 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA / SSL question

One of the reasons many of us just say no to requests to connect iPhones to company email.

-----Original Message-----
From: Peter Johnson [mailto:peter.john...@peterstow.com]
Sent: Wednesday, July 22, 2009 1:18 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA / SSL question

Thanks very much for the info Michael. That strikes me as a bit of a security risk though.

-----Original Message-----
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: 22 July 2009 04:19
To: MS-Exchange Admin Issues
Subject: Re: OWA / SSL question

It's true and not at the same time. It's true because no, you don't install a self-signed cert. It's false that the iPhone "works" with them, because it doesn't. It ignores the security condition. However, I believe you can put your own certs on an iPhone via the iPhone Configuration Utility.

http://www.macworld.com/article/134381/2008/07/iphone_config_utility.html
http://www.apple.com/support/iphone/enterprise/

--
ME2

On Tue, Jul 21, 2009 at 7:50 PM, Greg Wright <greg.wri...@wineselectors.com.au> wrote:
> This is the best response I have read so far on this subject. Of importance is the issue of mobile clients. Depending upon version, they vary from easy to install an un-trusted Authorities certificate to being impossible to install one.
>
> Jonathan Link said "#2 is not necessarily true. I did not install the self-signed cert into my iPhone."
>
> I am not sure about this being true, and would like to hear from others. My experience and opinion of others in my immediate vicinity who have set these up indicate that Self-Signed SSL certificates do not work with iPhone (just as with WinMobiles). Maybe you aren't using SSL in your OWA setup?
>
> From: Peter Johnson [mailto:peter.john...@peterstow.com]
> Sent: Wednesday, 22 July 2009 2:28 AM
> To: MS-Exchange Admin Issues
> Subject: RE: OWA / SSL question
>
> With regards to this issue I believe the following is true with a self signed certificate
>
> 1.) On the browsers the users would have to agree to continue to the site every time until they add the certificate to the machine. This is a pain particularly with mobile users and OWA access from ad-hoc computers such as Internet Kiosks etc.
>
> 2.) Mobile phones using activesync will not work until the self signed cert is installed onto the device. This becomes an admin overhead.
>
> The worst case is if you have to rebuild the server in disaster recovery you generate a new certificate and the entire cycle starts all over again. I've been through this and it's not fun!!
>
> With regards to certificates I've used Digicert a few times and always had good results particularly with SAN certificates which you will need for Exchange 2007 going forward.
>
> Regards
>
> Peter Johnson
>
> From: Joe Heaton [mailto:jhea...@etp.ca.gov]
> Sent: 21 July 2009 16:46
> To: MS-Exchange Admin Issues
> Subject: RE: OWA / SSL question
>
> I know about GoDaddy, and recommend it every time any of our 4 SSL certs come up for renewal. But the manager wants to stay with the "industry standard" Verisign. I'm the kind of guy that buys the Shasta colas, or the Sam's colas, because it's pretty much the same thing at half the price.
>
> I have also looked at generating our own cert, which really makes sense for this purpose, as it's only internal users that will be accessing OWA. What could they face from home, if I use a homemade cert? Are there browser issues, with certain browsers not liking homemade certs?
>
> Joe Heaton
> Employment Training Panel
>
> From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com]
> Sent: Tuesday, July 21, 2009 8:42 AM
> To: MS-Exchange Admin Issues
> Subject: RE: OWA / SSL question
>
> If your cert expires, users will have to either configure their browsers to allow them to go the site, or click through warning/error messages to get there.
>
> I would believe depending on your mobile phone setup those users will have similar problems.
>
> Have you looked into generating your own internal certificate?
>
> CHEAP: I got 3 year SSL Cert for OWA from GoDaddy.com for $67.47
>
> ________________________________
>
> From: Joe Heaton [mailto:jhea...@etp.ca.gov]
> Sent: Tuesday, July 21, 2009 11:27 AM
> To: MS-Exchange Admin Issues
> Subject: OWA / SSL question
>
> Guys,
>
> Due to the budget issues here in California, my agency is down to the wire with renewing our SSL cert for Exchange. I've already told my manager that we can easily go with one of the cheaper alternatives, and have the same security, but she's really wanting to stick with Verisign. Due to this, our SSL cert may end up expiring.
> I've told her that the impact would be that I would have to turn off OWA. In addition, wouldn't our phones be affected? We're using Activesync on our Windows Mobile devices, and requiring the SSL connection. Would we be able to make a secure SSL connection without the cert? I'm thinking this is possibly a stupid question, but my brain is really fuzzy this morning.
>
> Joe Heaton
> AISA
> Employment Training Panel
> 1100 J Street, 4th Floor
> Sacramento, CA 95814
> (916) 327-5276
> jhea...@etp.ca.gov
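
The three certificate conditions raised in the thread above (a self-signed cert that clients do not trust until it is installed, a cert close to expiry, and SAN name coverage) can be checked from a shell with OpenSSL. This is an added example, not part of the original messages; the host names under example.test and the throwaway certificate are constructed, and it assumes OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example. Host names are constructed (example.test); the certificate is
# generated on the spot and thrown away. Assumes OpenSSL 1.1.1 or later.

# make_selfsigned DIR DAYS: self-signed cert with two SAN entries, valid DAYS days.
make_selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
    -subj "/CN=mail.example.test" \
    -addext "subjectAltName=DNS:mail.example.test,DNS:autodiscover.example.test" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# audit_cert CERT HOST WARN_DAYS [CAFILE]: print space-separated findings, "ok" if none.
audit_cert() {
  local cert=$1 host=$2 warn=$3 ca=${4:-} out=""
  # Subject and issuer name hashes are equal for a self-signed certificate.
  [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
    "$(openssl x509 -in "$cert" -noout -issuer_hash)" ] && out="$out self-signed"
  # Validate against the given trust store only (an empty one when CAFILE is omitted).
  if [ -n "$ca" ]; then
    openssl verify -no-CApath -CAfile "$ca" "$cert" >/dev/null 2>&1 || out="$out untrusted"
  else
    openssl verify -no-CAfile -no-CApath "$cert" >/dev/null 2>&1 || out="$out untrusted"
  fi
  # -checkend exits non-zero when the cert expires within the given number of seconds.
  openssl x509 -in "$cert" -noout -checkend $((warn * 86400)) >/dev/null ||
    out="$out expires-within-${warn}d"
  # -checkhost compares the name with the certificate's SAN entries.
  openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match" ||
    out="$out name-mismatch:$host"
  echo "${out:- ok}" | sed 's/^ //'
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_selfsigned "$d" 10 || return 1
  audit_cert "$d/cert.pem" mail.example.test 30                       # client without the cert
  audit_cert "$d/cert.pem" autodiscover.example.test 5 "$d/cert.pem"  # cert installed on client
  audit_cert "$d/cert.pem" owa.example.test 5 "$d/cert.pem"           # name missing from SAN
  rm -rf "$d"
}
demo
```

Passing the certificate itself as CAFILE stands in for a client that has had the self-signed cert installed; rebuilding the server with a new cert changes that file and puts every client back in the first state.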