[ExchangeList] Re: https based oma on .local domains?

  • From: "Simon Butler" <simon@xxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Sat, 29 Apr 2006 00:21:59 +0100

If you are using $400 certificates for your deployments then you are
throwing client money away. I use RapidSSL certificates for mine and
they work fine. With the Pocket PC devices you need to import the root
certificate but that is easily done. 
 
Anyone who is serious about the security of their network should only be
deploying commercial certificates. It not only looks better but avoids
the security messages when users browse to the site from an internet
cafe or other machine where the certificate is not installed. 

You should see what Internet Explorer 7.0 does when you access a site
with a home grown certificate. 
 
Simon. 
--
Simon Butler
MCP, MCSA, MVP:Exchange
Amset IT Solutions Ltd.

e: simon@xxxxxxxxxxxx
w: www.amset-it.com
w: www.amset.info 


________________________________

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Sherry
Sent: 28 April 2006 17:10
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: https based oma on .local domains?



For external devices, like Outlook (via RPC over HTTP) or Smart Phones,
to access your front-end server you will need a public certificate that
matches the external DNS address the devices are using.  The other
alternative is to use an internal certificate and install it on all
devices, but this can be a real pain and isn't worth the $400 or so
dollars a public certificate costs.

 

RPC over HTTP & Smart Phone both require that the certificate be valid.
This means that it matches the DNS address the client is using to
access the server, and the root CA for the certificate can be verified
or the CA chain has been installed already on the device.

 

So the best solution would be to put a public certificate, issued for
mail.yourdomain.com, on your server and, as Mark said, tell people to
access the server at mail.yourdomain.com.  You would use this same
address in Outlook for RPC over HTTPs and ActiveSync for smart phones.

 

Jason Sherry - Pro Exchange http://www.theproexchange.com

________________________________

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Mark Morgan
Sent: Thursday, April 27, 2006 4:36 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: https based oma on .local domains?

 

You can create a yourdomain.com zone in your DNS, create a
mail.yourdomain.com A and MX record, and then issue a cert to the
mail.yourdomain.com name instead of mail.domain.local.

        -----Original Message-----
        From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx]On Behalf Of Ara Avvali
        Sent: Thursday, April 27, 2006 2:32 PM
        To: exchangelist@xxxxxxxxxxxxx
        Subject: [ExchangeList] https based oma on .local domains?

        Good afternoon everyone,

         

        Since our internal domain is .local based and the certificate is
        assigned to mail.domain.local, we get a warning and click "YES" on
        OWA, which is fine. But this stops rpc/http from working, so I am
        wondering if it is going to cause a problem for OMA/https. Can I use
        https for oma in this scenario, or do I have to go with http?

        Appreciated 

        Exchange 2003 sp2 on 2003 Sp1 

         



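The two validity conditions discussed in this thread (the certificate name must match the address the client uses, and the issuing CA must be trusted by the device) can be checked before deployment. The following is an added example, not part of any poster's message; the function names, the `INTERNAL_SUFFIXES` list and the sample certificate data are constructed for illustration.

```python
# Added illustration: pre-deployment check of the validity conditions
# named in the thread. All names and sample data here are constructed.

INTERNAL_SUFFIXES = (".local",)  # assumption: suffixes that only resolve internally


def name_matches(cert_name, host):
    """Compare one certificate name against the host the client connects to.

    A leading "*" label covers exactly one left-most label of the host.
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*" and len(cert_labels) > 2 and host_labels[0]:
        return cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def validity_problems(cert_names, client_host, chain_trusted):
    """Return the reasons a strict client (RPC over HTTP, ActiveSync) would refuse."""
    problems = []
    if not any(name_matches(n, client_host) for n in cert_names):
        problems.append("name mismatch: %s not in %s" % (client_host, sorted(cert_names)))
    if not chain_trusted:
        problems.append("issuing CA is not trusted by the device")
    if client_host.lower().endswith(INTERNAL_SUFFIXES):
        problems.append("host is internal-only and not resolvable by external devices")
    return problems


if __name__ == "__main__":
    # Constructed scenarios: (names on the certificate, host typed on the device,
    # whether the device already trusts the issuing CA)
    scenarios = [
        ({"mail.domain.local"}, "mail.yourdomain.com", False),   # original setup
        ({"mail.yourdomain.com"}, "mail.yourdomain.com", False), # internal CA, root not imported
        ({"mail.yourdomain.com"}, "mail.yourdomain.com", True),  # public or imported root
    ]
    for names, host, trusted in scenarios:
        print(host, sorted(names), validity_problems(names, host, trusted) or "OK")
```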