Simple question about SSL

Status
Not open for further replies.

1666

Technical User
Dec 12, 2002
Hi, our IIS 5.0 server hosts our Outlook Web email. We use it with SSL (128 bit). It is soon to expire and I was wondering, as it's only for users based in our company that use it, do we really need to buy a new certificate? Or can we create our own? If so, how, and will it be just as secure?

We basically want them to be encrypted with 128 bit, if we create our own will it still act the same way as a purchased certificate, whereby it's downloaded automatically to the user?

Andy
 
I think I answered about Certification Authority (CA) in another thread, but I forgot which one.. :))
A CA can be public or private.
A CA is an entity that stores and generates certificates (with public and/or private keys).
This entity can be hosted by a company, and they will sell the certificates to customers. Or it can be held locally, in your network, and you don't have to pay anything.
Why use a public one then?
For a few reasons:
- Customers that access your site (e-commerce, let's say) will trust you more if you use such a public CA. It just gives trust to people who see that your site is based on a well-known CA.
- Many applications will check the validity of your certificate. This is done by accessing a CRL (certificate revocation list), that is a folder with revoked certificates. So an internet user should be able to access that folder!

In your case, where you are using Outlook for signing/encrypting, a private CA is good enough.
Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, soon MCSE2k
 
Thanks, how can they tell it's a private key provided by me or a public one?

How can I create a key please? I know how to generate a request; what next please, mate?

Andy
 
If you are using a public one it is in your interest to announce this. People trust the institution that gave you the certificate, so they will trust you too.

How to have your own certificates? First you have to install a Certification Authority. If it is on a Windows 2000 server, you have two choices: Enterprise or standalone. Choose enterprise if you are using it in a network with all clients accessing Active Directory, or choose standalone in all other cases.
I recommend the standalone one for you. Enrollment (to obtain a certificate) for a standalone CA is web-based, e.g. "localhost/ca". Those web pages will guide you through what you want. The web-based application will create a request for a certificate. Then you have to open the CA console (in Administrative Tools) and then approve or not the request.
Install the CA and I will tell you more if you cannot manage.
Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, soon MCSE2k
 
I have a question on this. We installed a CA on our Exchange server and requested and installed the certificate for OWA; however, every time we try to access it we get the popup that it is a certificate that cannot be verified up to a trusted certificate authority. I tried to install the certificate but I get the same popup every time.

Does anyone know why?
 
What MS Exchange are you using?
What certificate are you using? From a public CA or private CA?
When software that uses certificates wants to verify the authenticity of a certificate, it tries to contact the CRL (certificate revocation list) of the authority that released that certificate. Most software has an option for turning this setting off or on.
Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, soon MCSE2k
 
I am using Exchange 2000 Standard. IE 6.0

I have installed the certificate; however, every time I try to access OWA from a machine I get a "security alert" telling me the certificate was issued by a company you have chosen not to trust and to view the certificate to determine whether I want to trust the CA. I then view the certificate and install it but I still get the same "security alert" popup every time.

Anyone have any ideas?

Thank You
 
I get the same message too about not trusting. Anyone any ideas?
 
My question is again: what kind of CA are you using? Public? Private?
And if so, go to IE Options/Content Certificates, or in mmc Certificates, and see what certificates and trusts you have there.
Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, soon MCSE2k
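
Added example, not part of any post in this thread: a shell sketch using OpenSSL (instead of the Windows 2000 CA discussed above) that issues a server certificate from a private CA and shows that a client accepts it only when that CA's root is in the client's trust store. The CA names, host name and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example; every name below (CA names, host name) is constructed.
WORK=$(mktemp -d)
mkdir "$WORK/empty"   # empty CApath so the system trust store is not consulted

# Create a self-signed root certificate.  $1 = file prefix, $2 = common name
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# The server generates a request; the private CA approves it and issues the cert.
issue_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=owa.example.internal" \
        -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/srv.csr" -days 30 \
        -CA "$WORK/private.pem" -CAkey "$WORK/private.key" -CAcreateserial \
        -out "$WORK/srv.pem" 2>/dev/null
}

# Succeeds only if the server certificate chains to a root in trust file $1.
client_trusts() {
    openssl verify -CApath "$WORK/empty" -CAfile "$1" "$WORK/srv.pem" \
        >/dev/null 2>&1
}

# Issuer name a client reads from the server certificate.
server_issuer() {
    openssl x509 -noout -issuer -in "$WORK/srv.pem"
}

make_root private "Example Private CA" || exit 1   # the in-house CA
make_root other "Example Other Root" || exit 1     # a root the client already trusts
issue_server_cert || exit 1

server_issuer
for store in other private; do
    if client_trusts "$WORK/$store.pem"; then
        echo "client trusting only $store.pem: certificate verifies"
    else
        echo "client trusting only $store.pem: cannot be verified up to a trusted CA"
    fi
done
```

The encryption negotiated is the same in both cases; what differs is whether the client can chain the certificate to a root it already trusts.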
 