microsoft.public.exchange2000.admin - Using SSL ...help please.

Author

Using SSL ...help please.

Matt Duggan

2002-11-27, 10:23 pm

I gave up on the idea of purchasing my own cert - too
expensive to be worth the pain of convincing management
(in a previous job). I just installed a temporary
Certificate Authority, and followed the doco for creating
and assigning a cert to the box.

One tip if you create your own cert - use server gated
encryption. I'm not 100% clear on what difference this is
supposed to make, but the actual impact is quite
important: it speeds up the connection process
significantly (20 seconds without server gated enabled, 1
second with it enabled).

Then all you need to do is open port 443 on your
firewall, to allow inbound connections.

There's no easy way to redirect your users to an SSL
equivalent of an identical URL... I had it set up so that
http://webmail.mycorp.com redirected to
https://webmail.mycorp.com/exchange, thus encouraging the
SSL connection. I also set the exchange folder in IIS to
require SSL, so that if they specifically entered the
URL, it would give an error and they would either read it
(and get it right the second time), or call the helldesk.

Incidently, if only port 443 is open on your firewall,
and users forget the S in https, they won't get anything.
And naturally, leaving port 80 open is begging to be paid
a visit by the script kiddies.

Hope this helps.
Matt Duggan.
MCSE (Win2k), MCSE (NT4), MCSA

>-----Original Message-----
>Hi, I have an OWA 5.5 up and running on my Win2k server,
I
>now want to buy a 128 bit SSL encryption
>signature/certificate. Once I have this file:
>
>1.) How would I get external users to connect securely,
do
>I tick a box in IIS?
>2.) Do I just have port 443 open and turn off the port
80
>rule to this server?
>3.) How can I get the users browsers to autmatically go
to
>https instead of http?
>
>Hope you can help
>
>Andy
>.
>

Stuart Mackie

2002-11-28, 5:23 am

http://www.instantssl.com

They do very well priced certificates compared to others like Verisign etc.

Hth,
Stuart.

"Matt Duggan" <lurgen@remove.mira.net> wrote in message
news:1bce401c29693$829d9700$8d
f82ecf@TK2MSFTNGXA02...
> I gave up on the idea of purchasing my own cert - too
> expensive to be worth the pain of convincing management
> (in a previous job). I just installed a temporary
> Certificate Authority, and followed the doco for creating
> and assigning a cert to the box.
>
> One tip if you create your own cert - use server gated
> encryption. I'm not 100% clear on what difference this is
> supposed to make, but the actual impact is quite
> important: it speeds up the connection process
> significantly (20 seconds without server gated enabled, 1
> second with it enabled).
>
> Then all you need to do is open port 443 on your
> firewall, to allow inbound connections.
>
> There's no easy way to redirect your users to an SSL
> equivalent of an identical URL... I had it set up so that
> http://webmail.mycorp.com redirected to
> https://webmail.mycorp.com/exchange, thus encouraging the
> SSL connection. I also set the exchange folder in IIS to
> require SSL, so that if they specifically entered the
> URL, it would give an error and they would either read it
> (and get it right the second time), or call the helldesk.
>
> Incidently, if only port 443 is open on your firewall,
> and users forget the S in https, they won't get anything.
> And naturally, leaving port 80 open is begging to be paid
> a visit by the script kiddies.
>
> Hope this helps.
> Matt Duggan.
> MCSE (Win2k), MCSE (NT4), MCSA
>
> >-----Original Message-----
> >Hi, I have an OWA 5.5 up and running on my Win2k server,
> I
> >now want to buy a 128 bit SSL encryption
> >signature/certificate. Once I have this file:
> >
> >1.) How would I get external users to connect securely,
> do
> >I tick a box in IIS?
> >2.) Do I just have port 443 open and turn off the port
> 80
> >rule to this server?
> >3.) How can I get the users browsers to autmatically go
> to
> >https instead of http?
> >
> >Hope you can help
> >
> >Andy
> >.
> >

Sponsored Links