
ssl Certificates on exchange cluster

Status
Not open for further replies.

Fabit

Technical User
Nov 22, 2005
Hi all,

I am running a win2k3 exchange cluster. I want to use ssl for my webmail. Can someone tell me how I can go about doing this?

Thank you,

Most appreciative,
 
You should only even consider this with a Front End. Webmail, SMTP and everything else. Never use a cluster and expose OWA etc. directly at it.
 
Why not? I have filtering on that port anyway?
 
Security, stability and performance. Remember a FE terminates the SSL which takes a chunk of processing off the box. It's also a single point of arrival and less complex on the network for you. You can also enhance security by beefing up the internal network by restricting what the FE can talk to thus reducing the attack area.

There are a chunk of reasons. Others will add more if they are inclined to do so.

 
so,

ssl for owa on an exchange cluster is no good is what you're telling me, right?
 
"No good" is a little strong. It will work. "Unwise" and "not recommended" (my use of the word recommended, not Microsoft's) would be better.
 
Even if I buy a cert from verisign, it's still not secure?
 
It has nothing to do with the certificate. A certificate is a certificate is a certificate (pretty much in this case). It's all around the stability of the box you're connecting to, its performance etc.
 
What if I am redirecting from http to https? See, what I am trying to do is redirect my http traffic to a more secure place right after a user has logged in within owa.
 
That doesn't make any sense.
Usually people have a redirect from to because people always forget the S.
You can't redirect someone after they've logged into OWA.

I think you need to park this one. Operating a FE is something you should do for HTTPS and SMTP. All your SMTP should be dropped onto the FE/SMTP Bridgehead first. Really all this back and forth about HTTPS is secondary because the traffic should be dropped onto the FE on the way out as well as the way in so that it doesn't sit on the cluster queue.
 
ok

so, how can I configure the fe to work so that I can get a more secure connection to owa?
 
Easy, it's a standard FE/BE configuration.
Install Windows, Install Exchange, Service Pack, Put the SSL on the website, Tick the FE boxes in Exchange, Tick the Form Based Authentication boxes and reboot it.


Another reason for the old FE/BE setup is that you cannot offer RPC over HTTPS with a cluster only setup. You HAVE to have a FE in front of the cluster because the RPC Proxy Service is not supported on a cluster. (forgot about that point) Nearly everyone goes with that solution these days as it's such a useful feature.
 