• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SSL Certificate

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Secure Messaging >> SSL Certificate Page: [1]
Login
Message << Older Topic   Newer Topic >>
SSL Certificate - 19.Jan.2009 7:57:39 AM   
pannop

 

Posts: 4
Joined: 19.Jan.2009
Status: offline
I am implementing an Exchange 2007 system which consists of two-node Load-balancing ISA Reverse Proxy Servers, two-node Load-balancing Exchange 2007 Hub/CAS and two-node Exchange 2007 Mailbox Cluster. I would like to use SSL Certificates with OWA, ActiveSync and Outlook Anywhere. How many certificates do I need? Any help will be appreciated.
 
pannop
Post #: 1
RE: SSL Certificate - 19.Jan.2009 8:21:44 AM   
pjhutch

 

Posts: 3436
Joined: 21.Jul.2001
From: W Yorks, England
Status: offline
You probably just need to one certitifcate which will be installed on your CAS servers using a common name e.g. mail.mydomain.com. You do not need external SSL for mailbox servers or ISA.

_____________________________

Peter Hutchison MCP
Exchange Administrator
University of Huddersfield

(in reply to pannop)
Post #: 2
RE: SSL Certificate - 19.Jan.2009 8:29:33 AM   
Ahmad Ramadan

 

Posts: 457
Joined: 6.Jul.2008
From: Egypt
Status: offline
you might find this article is informative for you

http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.html


_____________________________

Ahmad Ramadan AbaYazeed
Senior Systems Projects Engineer

(in reply to pjhutch)
Post #: 3
RE: SSL Certificate - 19.Jan.2009 9:13:39 AM   
jitendergupta

 

Posts: 80
Joined: 24.Dec.2008
Status: offline
Hi,

You need a SAN / UCC certificate which may cost around $80 - $100. The SAN /UCC certificate should include following FQDN's

https://owa.youcompany.com
https://autodiscover.yourcompany.com
https://Internal FQDN of your CAS servers

_____________________________

Jitender Kumar
MCSA, MCTS

(in reply to Ahmad Ramadan)
Post #: 4
RE: SSL Certificate - 19.Jan.2009 9:25:12 AM   
pannop

 

Posts: 4
Joined: 19.Jan.2009
Status: offline
Thank you pjhutch, Ahmad and jitendergupta.
 
jitendergupta, If I buy only one certificate, not SAN/UCC certificate, what will be the consequences? Please advise.

(in reply to pannop)
Post #: 5
RE: SSL Certificate - 19.Jan.2009 9:26:35 AM   
pannop

 

Posts: 4
Joined: 19.Jan.2009
Status: offline
jitendergupta, If I buy only one certificate, not SAN/UCC certificate, what will be the consequences? Please advise.

(in reply to jitendergupta)
Post #: 6
RE: SSL Certificate - 19.Jan.2009 9:30:20 AM   
Ahmad Ramadan

 

Posts: 457
Joined: 6.Jul.2008
From: Egypt
Status: offline
100$ !!!
tell me what the CA company name????
come on man i have a running project for exchange 2007 and i have to buy a SAN Certificate it costed me around £5,170 for 10 common names 
 
i think it wil be more than 100$
 

_____________________________

Ahmad Ramadan AbaYazeed
Senior Systems Projects Engineer

(in reply to jitendergupta)
Post #: 7
RE: SSL Certificate - 19.Jan.2009 9:37:07 AM   
pannop

 

Posts: 4
Joined: 19.Jan.2009
Status: offline
Hi,
 
If I buy only one certificate, not SAN/UCC certificate, what will be the consequences? Please advise.

(in reply to Ahmad Ramadan)
Post #: 8
RE: SSL Certificate - 19.Jan.2009 9:53:19 AM   
pjhutch

 

Posts: 3436
Joined: 21.Jul.2001
From: W Yorks, England
Status: offline
What is SAN/UCC ?

_____________________________

Peter Hutchison MCP
Exchange Administrator
University of Huddersfield

(in reply to pannop)
Post #: 9
RE: SSL Certificate - 19.Jan.2009 10:17:49 AM   
jitendergupta

 

Posts: 80
Joined: 24.Dec.2008
Status: offline
I appologize if i hurt you anyway. I bought a UCC certificate last year for $89 /yr. It has five domain included and the CA is godaddy.

_____________________________

Jitender Kumar
MCSA, MCTS

(in reply to Ahmad Ramadan)
Post #: 10
RE: SSL Certificate - 20.Jan.2009 1:21:13 AM   
Ahmad Ramadan

 

Posts: 457
Joined: 6.Jul.2008
From: Egypt
Status: offline
good to know but tell me mate from who did u buy it?
coz i am contacting versign right now and this is the prise that they gave for 11 common names!!!!

_____________________________

Ahmad Ramadan AbaYazeed
Senior Systems Projects Engineer

(in reply to jitendergupta)
Post #: 11
RE: SSL Certificate - 20.Jan.2009 2:10:52 AM   
jitendergupta

 

Posts: 80
Joined: 24.Dec.2008
Status: offline
check this out

http://www.godaddy.com/gdshop/ssl/ssl.asp?ci=9039



_____________________________

Jitender Kumar
MCSA, MCTS

(in reply to Ahmad Ramadan)
Post #: 12
RE: SSL Certificate - 20.Jan.2009 2:31:32 AM   
Ahmad Ramadan

 

Posts: 457
Joined: 6.Jul.2008
From: Egypt
Status: offline
i check the link
and does it support Exchange 2007??
does it support multiple common name in my case 11 common name??
and why do u think versign is that expensive, do u know???
is it reliable and widley international known certificate??

tell me from your experience what do u think of this certificate..

i am gonna check this out with the project manager and see what we will do

waiting ur reply ASAP 

_____________________________

Ahmad Ramadan AbaYazeed
Senior Systems Projects Engineer

(in reply to jitendergupta)
Post #: 13
RE: SSL Certificate - 20.Jan.2009 5:12:03 AM   
jitendergupta

 

Posts: 80
Joined: 24.Dec.2008
Status: offline
Yes it supports exchange 2007, Microsoft office communication server 2007 and supports multiple subject alternative names.

You may check this out http://www.sslshopper.com/certificate-authority-reviews.html

As far as i'm concerned i'm using it for my company in US,PH & India. I'm not facing any issue.

Still certificate from verisign also is not going to cost more than $ 1000 max.
£5,170 is huge. 

_____________________________

Jitender Kumar
MCSA, MCTS

(in reply to Ahmad Ramadan)
Post #: 14
RE: SSL Certificate - 20.Jan.2009 6:40:26 AM   
Ahmad Ramadan

 

Posts: 457
Joined: 6.Jul.2008
From: Egypt
Status: offline
no man believe me i just recieved the qutation yesterday from versign for 11 common names it costs £5,170
very WIRED!!

_____________________________

Ahmad Ramadan AbaYazeed
Senior Systems Projects Engineer

(in reply to jitendergupta)
Post #: 15
RE: SSL Certificate - 21.Jan.2009 10:13:08 AM   
remjak

 

Posts: 31
Joined: 16.Dec.2008
From: Norway
Status: offline
If you dont use a SAN/UC(Subject Alternative names/Unified Communincations) certificate you will get more problems than if you sre using the SAN/UCC.

Its more hassle to configure and set up and easier to get into problems.
Also free/busy information might not work for external OA clients.

Remi

(in reply to pannop)
Post #: 16
RE: SSL Certificate - 22.Jan.2009 1:44:07 AM   
Ahmad Ramadan

 

Posts: 457
Joined: 6.Jul.2008
From: Egypt
Status: offline
would you please explain more redaring that
i didnt get ya?

and do u think that this godaddy.com certificate is which type of both certificates u mentioned???

waiting ur reply

_____________________________

Ahmad Ramadan AbaYazeed
Senior Systems Projects Engineer

(in reply to remjak)
Post #: 17
RE: SSL Certificate - 22.Jan.2010 6:50:02 AM   
seo4ssl

 

Posts: 2
Joined: 4.Nov.2009
Status: offline
ClickSSL.com offers you to buy or renew a SSL Certificates at very affordable price.

RapidSSL

_____________________________

RapidSSL Certificate

(in reply to pannop)
Post #: 18
RE: SSL Certificate - 23.Nov.2010 10:56:44 AM   
jdwhite

 

Posts: 1
Joined: 23.Nov.2010
Status: offline
When you have chosen your certificate the installation procedure on Microsoft Exchange 2007 server should be, depending on your SSL Cert something like:

1. Once you received your SSL certificate by e-mail, please copy and paste it into a text file (with Notepad or Wordpad) and save the file with the .crt extension. (Include the tags -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).
2. Copy your .crt file to c:\ on your Exchange Server.
3. Launch the Exchange Management Shell (located in Start > Programs > Microsoft Exchange Server 2007).
4. Run these commands (change the certificate_name.crt):
Import-ExchangeCertificate -Path C:\certificate_name.crt
Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"
The Services option can be any combination of: IMAP, POP, UM, IIS and SMTP.
5. Check that your certificate is enabled with this command line:
Get-ExchangeCertificate -DomainName yourdomainname
6. In response to the above command, you should see the certificates thumbprint, the list of the services and the name of your certificate file. If your certificate isn't properly enabled, you can re-run the modified Enable command with the certificate thumbprint:
Enable-ExchangeCertificate -Thumbprint [paste thumbprint here] -Services "SMTP, IMAP, POP, IIS"
7. Reboot your server.
8. Test your certificate by connecting with IE, Outlook or ActiveSync.

(in reply to seo4ssl)
Post #: 19

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Secure Messaging >> SSL Certificate Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter