+ Reply to Thread
Results 1 to 19 of 19
  1. Senior Member
    Join Date
    Jul 2007
    Posts
    1,198
    #1

    Default SSL Certificate Provider

    Any idea where can I get the best deal for a SSL Certificate, that will server certs for my mail servers?
    Reply With Quote Quote  

  2. SS -->
  3. Drops by now and again astorrs's Avatar
    Join Date
    May 2008
    Location
    Vancouver, Canada
    Posts
    3,141

    Certifications
    I have numerous certs from VMware, Citrix, Microsoft, EMC, Nimble Storage, Palo Alto Networks and more...
    #2
    This should help you out:

    http://www.whichssl.com/comparisons/

    Looks like it's probably Go Daddy Standard SSL @ $16/yr
    Reply With Quote Quote  

  4. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #3
    Well for starters, what mail server? Exchange I assume? What version?

    Any external access? If not, internal CA.

    If yes, will you be using Active Sync? If yes, go with someone other than Verisign. Verisign started to sign their certs with an intermediate certificate last year and it's not in the Windows Mobile Certificate Store. Internet Explorer has the capability to auto-fetch the intermediate certificate if it trusts the root, but FireFox and Active Sync do not support this. It's called certificate chaining.

    Godaddy is cheap and should work. I would double check that the Godaddy chain is in the Mobile device you're using.

    I always try to go with Entrust when possible.

    Digicert is another good option but I haven't worked with them.

    Digicert and Entrust are more expensive than Godaddy.

    If you're doing Exchange 2007 and want autodiscover, you'll probably want to go with Entrust or Digicert. Godaddy should work fine but I'd really try to get Entrust as I know Entrust's certificates are on pretty much all mobile devices.

    Do you plan on deploying OCS in the future? Godaddy certs are not supported for Public IM Connectivity. If you do plan on going with OCS, I would start an account with Entrust and start using them. I'd still go with Entrust either way.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Jul 2007
    Posts
    1,198
    #4
    Quote Originally Posted by royal
    Well for starters, what mail server? Exchange I assume? What version?

    Any external access? If not, internal CA.

    If yes, will you be using Active Sync? If yes, go with someone other than Verisign. Verisign started to sign their certs with an intermediate certificate last year and it's not in the Windows Mobile Certificate Store. Internet Explorer has the capability to auto-fetch the intermediate certificate if it trusts the root, but FireFox and Active Sync do not support this. It's called certificate chaining.

    Godaddy is cheap and should work. I would double check that the Godaddy chain is in the Mobile device you're using.

    I always try to go with Entrust when possible.

    Digicert is another good option but I haven't worked with them.

    Digicert and Entrust are more expensive than Godaddy.

    If you're doing Exchange 2007 and want autodiscover, you'll probably want to go with Entrust or Digicert. Godaddy should work fine but I'd really try to get Entrust as I know Entrust's certificates are on pretty much all mobile devices.

    Do you plan on deploying OCS in the future? Godaddy certs are not supported for Public IM Connectivity. If you do plan on going with OCS, I would start an account with Entrust and start using them. I'd still go with Entrust either way.
    Lol this is a very informative post, eventually I would like to get my feet wet with Office Communicator, I'm also planning to obtain MCITP: Enterprise Exchange Administrator, so any SSL provider with more options would be suitable for me.

    No Internal CA, I will using Active Sync (for lab purposes), Mobile Devices will be big for me, since I will be hosting an Exchange Server soon. I will definitely configure Autodiscover on Exchange 2007.

    Thanks for the feedback, I will check entrust.

    Have you guys actually tried running your own CA, is it a tedious process to run your own?
    Reply With Quote Quote  

  6. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #5
    If you're doing anything mobile, do not use an Internal CA for external access.

    Definitely go with Entrust since you'll be doing Autodiscover and mobile devices. Digicert should work as well, but I've had good luck with Entrust and they have become really popular lately.
    Reply With Quote Quote  

  7. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    4,098

    Certifications
    VCAP5-DCA; VCP 3/4/5/6 (DCV); EMCSA:CLARiiON; Linux+; MCSE:M 2000/2003; MCSE:S 2000/2003; MCTS:Exch2007; Security+; A+; CCNA (expired)
    #6
    Quote Originally Posted by royal
    Well for starters, what mail server? Exchange I assume? What version?

    If yes, will you be using Active Sync? If yes, go with someone other than Verisign. Verisign started to sign their certs with an intermediate certificate last year and it's not in the Windows Mobile Certificate Store. Internet Explorer has the capability to auto-fetch the intermediate certificate if it trusts the root, but FireFox and Active Sync do not support this. It's called certificate chaining.
    We got ActiveSync to work with the Verisign cert but it was a pain in the butt. I think we had to add the intermediate cert to the trusted root store on the phone, and then delete an expired cert from the local computer store on the Exchange server for that intermediate CA.
    IT guy since 12/00

    Recent: 10/27/2017 - Passed Microsoft 70-410 (one exam left for MCSA 2012)
    Working on: MCSA 2012 upgrade from 2003 (to heck with 2008!!), MCSA 2016 upgrade, more Linux
    Thinking about: VCP6-CMA, AWS Solution Architect (Associate), Python, VCAP6-DCD (for completing VCIX)
    Reply With Quote Quote  

  8. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #7
    Quote Originally Posted by blargoe
    Quote Originally Posted by royal
    Well for starters, what mail server? Exchange I assume? What version?

    If yes, will you be using Active Sync? If yes, go with someone other than Verisign. Verisign started to sign their certs with an intermediate certificate last year and it's not in the Windows Mobile Certificate Store. Internet Explorer has the capability to auto-fetch the intermediate certificate if it trusts the root, but FireFox and Active Sync do not support this. It's called certificate chaining.
    We got ActiveSync to work with the Verisign cert but it was a pain in the butt. I think we had to add the intermediate cert to the trusted root store on the phone, and then delete an expired cert from the local computer store on the Exchange server for that intermediate CA.
    Yep, that's what I had to do as well when a client of mine used Verisign. Why bother with that, especially when you have a bunch of mobile clients. Not to mention Verisign is expensive due to their reputation.
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Jul 2007
    Posts
    1,198
    #8
    Any idea how much it will cost with Entrust? I just want to get one for study purposes, and ofcourse me hosting a live Exchange Server is just around the corner.

    I looked at their website, and it looks like they got so much options etc. a link of what you personally have that will suffice with my needs will be awesome.
    Reply With Quote Quote  

  10. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #9
    You'd want their Unified Communications Certificate for $600 if you want to support the Autodiscover Service using the Microsoft Recommended method of assigning the autodiscover.domain.com name as a SAN name.

    http://www.entrust.net/ssl-certifica...unications.htm
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Jul 2007
    Posts
    1,198
    #10
    What Windows Mobile Device do you guys recommend? Do you use one Royal?

    Just want to configure CAS on this...
    Reply With Quote Quote  

  12. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    4,098

    Certifications
    VCAP5-DCA; VCP 3/4/5/6 (DCV); EMCSA:CLARiiON; Linux+; MCSE:M 2000/2003; MCSE:S 2000/2003; MCTS:Exch2007; Security+; A+; CCNA (expired)
    #11
    If you're just wanting to test WM functionality against your exchange before you buy Microsoft has emulators for their devices. You have to download the device emulator, the Windows Mobile Images, and the driver (which I think now is included in MS Virtual PC).

    http://www.microsoft.com/downloads/d...displaylang=en
    IT guy since 12/00

    Recent: 10/27/2017 - Passed Microsoft 70-410 (one exam left for MCSA 2012)
    Working on: MCSA 2012 upgrade from 2003 (to heck with 2008!!), MCSA 2016 upgrade, more Linux
    Thinking about: VCP6-CMA, AWS Solution Architect (Associate), Python, VCAP6-DCD (for completing VCIX)
    Reply With Quote Quote  

  13. Senior Member
    Join Date
    May 2007
    Posts
    209

    Certifications
    MCSA 2003, MCTS, MCITP Enterprise Messaging Administrator, ITIL v3 foundations
    #12
    I just used digicert and it worked great for everything but activesync features for the mobiles device as its not a trusted root cert by default. Their service was actually quite amazing to be honest and it was issued very quickly. I like the unlimited server license feature and the ability to cheaply add additional names to the cert when I see fit is super hand if I want to setup ssl for other things above and beyond exchange.

    I looked at Entrust, and like the features but price wise Digicert was cheaper.

    Just my .02
    Reply With Quote Quote  

  14. Senior Member
    Join Date
    Jul 2007
    Posts
    1,198
    #13
    I'm trying to see if I can modify files that I browse via OWA 2007, I went ahead and modified Share/ACL permission for an AD account mailbox enabled, that is logged in via OWA, I am actually able to open documents with it's corresponding program, but when I save it and reopen it, the modification I made is not saved.

    I checked the book and did not found anything that would suggest it.

    Also is there a Halo 3 theme for OWA?
    Reply With Quote Quote  

  15. Drops by now and again astorrs's Avatar
    Join Date
    May 2008
    Location
    Vancouver, Canada
    Posts
    3,141

    Certifications
    I have numerous certs from VMware, Citrix, Microsoft, EMC, Nimble Storage, Palo Alto Networks and more...
    #14
    There is an Xbox 360 theme in SP1 but I don't think they've yet to do the often promised Halo theme, I assume they didn't get the okay.

    http://blogs.technet.com/kclemson/ar...zune-xbox.aspx
    Reply With Quote Quote  

  16. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    4,098

    Certifications
    VCAP5-DCA; VCP 3/4/5/6 (DCV); EMCSA:CLARiiON; Linux+; MCSE:M 2000/2003; MCSE:S 2000/2003; MCTS:Exch2007; Security+; A+; CCNA (expired)
    #15
    Quote Originally Posted by jbaello
    I'm trying to see if I can modify files that I browse via OWA 2007
    Are you talking about with the feature where it can pass through to a file server to access files? I haven't used that yet, but I believe I read that the access for that is always read-only.
    IT guy since 12/00

    Recent: 10/27/2017 - Passed Microsoft 70-410 (one exam left for MCSA 2012)
    Working on: MCSA 2012 upgrade from 2003 (to heck with 2008!!), MCSA 2016 upgrade, more Linux
    Thinking about: VCP6-CMA, AWS Solution Architect (Associate), Python, VCAP6-DCD (for completing VCIX)
    Reply With Quote Quote  

  17. Senior Member
    Join Date
    Jan 2008
    Posts
    1,941

    Certifications
    MCITP: EA, EMA; MCSE 2000/2003: M; MCSE 2000: S; MCSA 2000/2003: S; MCTS: ISA 2006; VCP3/4
    #16
    I just had the displeasure of trying to get a certificate from Thawte for Exchange 2007 for simple OWA access. Forget it. Awful experience! It's claiming my state and locality aren't in the CSR even though they are (two other CA's validate that), can't get anyone to email me back, it's just awful...
    Reply With Quote Quote  

  18. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    4,098

    Certifications
    VCAP5-DCA; VCP 3/4/5/6 (DCV); EMCSA:CLARiiON; Linux+; MCSE:M 2000/2003; MCSE:S 2000/2003; MCTS:Exch2007; Security+; A+; CCNA (expired)
    #17
    I will say for Verisign, I've never had the customer service issues like that.
    IT guy since 12/00

    Recent: 10/27/2017 - Passed Microsoft 70-410 (one exam left for MCSA 2012)
    Working on: MCSA 2012 upgrade from 2003 (to heck with 2008!!), MCSA 2016 upgrade, more Linux
    Thinking about: VCP6-CMA, AWS Solution Architect (Associate), Python, VCAP6-DCD (for completing VCIX)
    Reply With Quote Quote  

  19. Senior Member
    Join Date
    Jul 2007
    Posts
    1,198
    #18
    Quote Originally Posted by blargoe
    Quote Originally Posted by jbaello
    I'm trying to see if I can modify files that I browse via OWA 2007
    Are you talking about with the feature where it can pass through to a file server to access files? I haven't used that yet, but I believe I read that the access for that is always read-only.
    On OWA your able to access folders that are shared, via UNC path via Documents. I'm trying to figure out if there is anyway to be able to modify this file and save it, it looks like it's read only.
    Reply With Quote Quote  

  20. Senior Member
    Join Date
    Jan 2008
    Posts
    1,941

    Certifications
    MCITP: EA, EMA; MCSE 2000/2003: M; MCSE 2000: S; MCSA 2000/2003: S; MCTS: ISA 2006; VCP3/4
    #19
    +1 for Entrust. +10000 for a UCC aka SAN cert.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks