In a privately-held corporation, the owner trumps any EVP, SVP, or PHB!
-----Original Message-----
From: Don Andrews [mailto:don.andr...@safeway.com]
Sent: Wednesday, July 22, 2009 2:56 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA / SSL question
We have a nice EVP authored policy that says;
<quote>
{The company] maintains a policy that all individual communication services are
owned by [the company] and are intended solely for business use.
[The company] does not allow employee-owned communication devices or mobile
numbers to become corporate devices.
There will be no exceptions made to Corporate Ownership.
<unquote>
This has been tested several times and the same answer comes back - what part
of no don't you understand?
iPhones are not on the list of cell phone choices for company phones.
Blackberries are but not including the storm.
-----Original Message-----
From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: Wednesday, July 22, 2009 10:40 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA / SSL question
We said "no", then our owner said "yes".
We said "well, ok then"
-----Original Message-----
From: Don Andrews [mailto:don.andr...@safeway.com]
Sent: Wednesday, July 22, 2009 12:34 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA / SSL question
One of the reasons many of us just say no to requests to connect iPhones to
company email.
-----Original Message-----
From: Peter Johnson [mailto:peter.john...@peterstow.com]
Sent: Wednesday, July 22, 2009 1:18 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA / SSL question
Thanks very much for the info Michael. That strikes me as a bit of a security
risk though.
-----Original Message-----
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: 22 July 2009 04:19
To: MS-Exchange Admin Issues
Subject: Re: OWA / SSL question
Its true and not at the same time. Its true because no, you dont
install a self-signed cert. Its false that the iPhone "works" with
them, because it doesnt. It ignores the security condition.
However, I believe you can put your own certs on an iPhone via the
iPhone Configuration Utility.
http://www.macworld.com/article/134381/2008/07/iphone_config_utility.html
http://www.apple.com/support/iphone/enterprise/
--
ME2
On Tue, Jul 21, 2009 at 7:50 PM, Greg
Wright<greg.wri...@wineselectors.com.au> wrote:
> This is the best response I have read so far on this subject. Of importance
> is the issue of mobile clients. Depending upon version, they vary from easy
> to install an un-trusted Authorities certificate to being impossible to
> install one.
>
>
>
> Jonathan Link said "#2 is not necessarily true. I did not install the
> self-signed cert into my iPhone."
>
>
>
> I am not sure about this being true, and would like to hear from others. My
> experience and opinion of others in my immediate vicinity who have set these
> up indicate that Self-Signed SSL certificates do not work with iPhone (just
> as with WinMobiles). Maybe you aren't using SSL in your OWA setup?
>
>
>
> From: Peter Johnson [mailto:peter.john...@peterstow.com]
> Sent: Wednesday, 22 July 2009 2:28 AM
> To: MS-Exchange Admin Issues
> Subject: RE: OWA / SSL question
>
>
>
> With regards to this issue I believe the following is true with a self
> signed certificate
>
>
>
> 1.) On the browsers the users would have to agree to continue to the site
> everytime until they add the certificate to the machine. This is a pain
> particularly with mobile users and OWA access from ad-hoc computers such as
> Internet Kiosks etc.
>
> 2.) Mobile phones using activesync will not work until the self signed
> cert is installed onto the device. This becomes an admin overhead.
>
>
>
> The worst case is if you have to rebuild the server in disaster recovery u
> generate a new certificate and the entire cycle starts all over again. I've
> been through this and it's not fun!!
>
>
>
> With regards to certificates I've used Digicert a few times and always had
> good results particularly with SAN certificates which you will need for
> Exchange 2007 going forward.
>
>
>
> Regards
>
> Peter Johnson
>
>
>
>
>
>
>
>
>
> From: Joe Heaton [mailto:jhea...@etp.ca.gov]
> Sent: 21 July 2009 16:46
> To: MS-Exchange Admin Issues
> Subject: RE: OWA / SSL question
>
>
>
> I know about GoDaddy, and recommend it every time any of our 4 SSL certs
> come up for renewal. But the manager wants to stay with the "industry
> standard" Verisign. I'm the kind of guy that buys the Shasta colas, or the
> Sam's colas, because it's pretty much the same thing at half the price.
>
>
>
> I have also looked at generating our own cert, which really makes sense for
> this purpose, as it's only internal users that will be accessing OWA. What
> could they face from home, if I use a homemade cert? Are there browser
> issues, with certain browsers not liking homemade certs?
>
>
>
> Joe Heaton
>
> Employment Training Panel
>
>
>
> From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com]
> Sent: Tuesday, July 21, 2009 8:42 AM
> To: MS-Exchange Admin Issues
> Subject: RE: OWA / SSL question
>
>
>
> If your cert expires, users will have to either configure their browsers to
> allow them to go the site, or click through warning/error messages to get
> there.
>
> I would believe depending on your mobile phone setup those users will have
> similar problems.
>
> Have you looked into generating your own internal certificate?
>
>
>
> CHEAP: I got 3 year SSL Cert for OWA from GoDaddy.com for $67.47
>
>
>
>
>
> ________________________________
>
> From: Joe Heaton [mailto:jhea...@etp.ca.gov]
> Sent: Tuesday, July 21, 2009 11:27 AM
> To: MS-Exchange Admin Issues
> Subject: OWA / SSL question
>
> Guys,
>
>
>
> Due to the budget issues here in California, my agency is down to the wire
> with renewing our SSL cert for Exchange. I've already told my manager that
> we can easily go with one of the cheaper alternatives, and have the same
> security, but she's really wanting to stick with Verisign. Due to this, our
> SSL cert may end up expiring. I've told her that the impact would be that I
> would have to turn off OWA. In addition, wouldn't our phones be affected?
> We're using Activesync on our Windows Mobile devices, and requiring the SSL
> connection. Would we be able to make a secure SSL connection without the
> cert? I'm thinking this is possibly a stupid question, but my brain is
> really fuzzy this morning.
>
>
>
> Joe Heaton
>
> AISA
>
> Employment Training Panel
>
> 1100 J Street, 4th Floor
>
> Sacramento, CA 95814
>
> (916) 327-5276
>
> jhea...@etp.ca.gov
>
>
