Trusted Cert Woes on SBS 2008
|
Prev: Exchange edge server to interface with SBS 2008?
Next: How to delete an UPDATE in Progress ALERT?
From: Ace Fekay [MCT] on 1 Oct 2009 16:21 "Bill Glidden" <bill(a)glidden.net.au> wrote in message news:4AC4AB1E.6090302(a)glidden.net.au... > Ace Fekay [MCT] wrote: >> "Les Connor [SBS MVP]" <les.connor(a)DEL.cfive.ca> wrote in message >> news:%23aogTOhQKHA.5068(a)TK2MSFTNGP05.phx.gbl... >>> Good stuff, thanks Ace. >>> >>> I'm the guy that's never used a 3rd party cert, ever, with SBS ;-). >>> Always used the self signed certs, and always able to make them do. >>> Worst case is locked mobile devices, but that's worked around by >>> converting the cert to a .cab file. >>> >> >> For my own Ex2007, I never bought a public cert, but I haven't any cases >> where I would need it. When connecting to OWA, I would just click on the >> trust this cert message. However, I just replaced my BB with an HTC Touch >> Pro 2 I picked up last night. Cool phone. Screen's a hair larger than the >> iPhone, brighter, too! However, it's Windows Mobile. Guess what? Cert >> issue time! So instead of dealing with the cert, I thought let me just >> get a single name cert (non UC/SAN) and see if it works. Since I set this >> domain up back in 1999 when AD first came out, the mindset and consensus >> was to use your public name, so I never changed that. It's only me and a >> few people that use the domain. So I figured, what the heck, a single >> name cert would work internally and externally for mail.mydomain.com, and >> I have the same record created internally. Well, the thing worked fine >> with the Windows mobile. It synched up fine. It also works fine for my >> OWA site, since you can enable that in Exchange to use the cert for other >> purposes other than just internally, such as for IIS, SMTP, IMAP and POP. >> However, I know I will have an issue with Outlook Anywhere due to the >> Autodiscover record, but I don;t use that anyway. If it comes down to it, >> and I need that function, I will dish out the extra $$ for a UC/SAN cert. >> And here I am using a single cert for limited capabilities, but I keep >> pushing to get a UC/SAN cert to my customers. I figured if they ever need >> the other functionality, I don;t want to deal with installing certs on >> their mobile units, or some of their remote employees that hardly come >> into the office and are using Outlook Anywhere. >> >> I guess you can call me the landscaper with the tallest lawn on the >> block! :-) >> >> Ace > Thanks for all the good info, Ace. :) > > Bill You are welcome! Ace
From: Bill Glidden on 1 Oct 2009 17:30 Ace Fekay [MCT] wrote: > "Les Connor [SBS MVP]" <les.connor(a)DEL.cfive.ca> wrote in message > news:%23aogTOhQKHA.5068(a)TK2MSFTNGP05.phx.gbl... >> Good stuff, thanks Ace. >> >> I'm the guy that's never used a 3rd party cert, ever, with SBS ;-). Always >> used the self signed certs, and always able to make them do. Worst case is >> locked mobile devices, but that's worked around by converting the cert to >> a .cab file. >> > > For my own Ex2007, I never bought a public cert, but I haven't any cases > where I would need it. When connecting to OWA, I would just click on the > trust this cert message. However, I just replaced my BB with an HTC Touch > Pro 2 I picked up last night. Cool phone. Screen's a hair larger than the > iPhone, brighter, too! However, it's Windows Mobile. Guess what? Cert issue > time! So instead of dealing with the cert, I thought let me just get a > single name cert (non UC/SAN) and see if it works. Since I set this domain > up back in 1999 when AD first came out, the mindset and consensus was to use > your public name, so I never changed that. It's only me and a few people > that use the domain. So I figured, what the heck, a single name cert would > work internally and externally for mail.mydomain.com, and I have the same > record created internally. Well, the thing worked fine with the Windows > mobile. It synched up fine. It also works fine for my OWA site, since you > can enable that in Exchange to use the cert for other purposes other than > just internally, such as for IIS, SMTP, IMAP and POP. However, I know I will > have an issue with Outlook Anywhere due to the Autodiscover record, but I > don;t use that anyway. If it comes down to it, and I need that function, I > will dish out the extra $$ for a UC/SAN cert. And here I am using a single > cert for limited capabilities, but I keep pushing to get a UC/SAN cert to my > customers. I figured if they ever need the other functionality, I don;t want > to deal with installing certs on their mobile units, or some of their remote > employees that hardly come into the office and are using Outlook Anywhere. > > I guess you can call me the landscaper with the tallest lawn on the block! > :-) > > Ace > > Thanks for all the good info, Ace. :) Bill
From: Les Connor [SBS MVP] on 2 Oct 2009 00:31 SBS 2k8 deploys the self signed cert onto WM6 automatically. I have an HTC diamond touch, no issues at all. -- ----------------------------------------------- Les Connor [SBS MVP] "Ace Fekay [MCT]" <aceman(a)mvps.RemoveThisPart.org> wrote in message news:eBb$ZNlQKHA.3876(a)TK2MSFTNGP06.phx.gbl... > "Les Connor [SBS MVP]" <les.connor(a)DEL.cfive.ca> wrote in message > news:%23aogTOhQKHA.5068(a)TK2MSFTNGP05.phx.gbl... >> Good stuff, thanks Ace. >> >> I'm the guy that's never used a 3rd party cert, ever, with SBS ;-). >> Always used the self signed certs, and always able to make them do. Worst >> case is locked mobile devices, but that's worked around by converting the >> cert to a .cab file. >> > > For my own Ex2007, I never bought a public cert, but I haven't any cases > where I would need it. When connecting to OWA, I would just click on the > trust this cert message. However, I just replaced my BB with an HTC Touch > Pro 2 I picked up last night. Cool phone. Screen's a hair larger than the > iPhone, brighter, too! However, it's Windows Mobile. Guess what? Cert > issue time! So instead of dealing with the cert, I thought let me just get > a single name cert (non UC/SAN) and see if it works. Since I set this > domain up back in 1999 when AD first came out, the mindset and consensus > was to use your public name, so I never changed that. It's only me and a > few people that use the domain. So I figured, what the heck, a single > name cert would work internally and externally for mail.mydomain.com, and > I have the same record created internally. Well, the thing worked fine > with the Windows mobile. It synched up fine. It also works fine for my OWA > site, since you can enable that in Exchange to use the cert for other > purposes other than just internally, such as for IIS, SMTP, IMAP and POP. > However, I know I will have an issue with Outlook Anywhere due to the > Autodiscover record, but I don;t use that anyway. If it comes down to it, > and I need that function, I will dish out the extra $$ for a UC/SAN cert. > And here I am using a single cert for limited capabilities, but I keep > pushing to get a UC/SAN cert to my customers. I figured if they ever need > the other functionality, I don;t want to deal with installing certs on > their mobile units, or some of their remote employees that hardly come > into the office and are using Outlook Anywhere. > > I guess you can call me the landscaper with the tallest lawn on the block! > :-) > > Ace >
From: Ace Fekay [MCT] on 2 Oct 2009 00:33 "Bill Glidden" <bill(a)glidden.net.au> wrote in message news:uZPt15tQKHA.1280(a)TK2MSFTNGP04.phx.gbl... > > Thanks for all the good info, Ace. :) > > Bill > You are welcome! Ace
From: Ace Fekay [MCT] on 2 Oct 2009 00:46 "Les Connor [SBS MVP]" <les.connor(a)DEL.cfive.ca> wrote in message news:uL7fRlxQKHA.4592(a)TK2MSFTNGP06.phx.gbl... > SBS 2k8 deploys the self signed cert onto WM6 automatically. I have an HTC > diamond touch, no issues at all. > That I didn't know. Thanks! Ace
First
|
Prev
|
Pages: 1 2 3 4 Prev: Exchange edge server to interface with SBS 2008? Next: How to delete an UPDATE in Progress ALERT? |