I'm generally a big believer in the power of a free market. In most market segments, competition between sellers makes things better for the buyer. In the computing industry, look no further than the x86-based hardware that you're probably using to read this email newsletter.
One area in which competition has only recently made its mark is the market for Secure Sockets Layer (SSL) certificates. If you want an SSL certificate, you have basically two choices: You can create your own or you can buy one from a third-party certificate authority (CA). For many applications, a self-issued, self-signed certificate will do fine. For example, many companies use self-signed certificates for signing Microsoft Office macros and protecting intranet Web servers. The potential security risk of clients accessing your Internet-facing services will determine whether you should use self-signed certificates or certificates purchased from an external CA such as Comodo, GoDaddy.com, or VeriSign. The cost of these certificates varies quite a bit; for example, Comodo sells a 128-bit server certificate for $139 per year, whereas a similar certificate from GoDaddy.com costs about $20 per year. The strength of the certificate, its renewal period, and the reputation of the certificate issuer all influence the final price.
Exchange uses certificates in several ways. The most common use, of course, is to protect access to Microsoft Outlook Web Access (OWA). Exchange Server 2003 and earlier releases don't require you to use SSL with OWA, but if you don't use it you're needlessly exposing yourself to the possibility of an attacker stealing credentials to your network. (When you turn on form-based authentication for Exchange 2003, however, SSL is required or the authentication won't work.) You can also use certificates to apply SSL protection for POP, IMAP, and Exchange ActiveSync.
Requesting and installing certificates is fairly straightforward, although it might require more knowledge of the Internet Services Manager for Microsoft IIS than you might voluntarily gain on your own. After you install a certificate and enable it for the Exchange services you want to protect, you're done.
Exchange Server 2007 changes the game significantly because it automatically generates and installs its own set of self-signed certificates. This is a great boon for novice administrators (or lazy ones) because it means that Exchange 2007 OWA is automatically protected from the minute you install the Client Access server role. However, the addition of this new feature introduces several additional wrinkles that you need to know about; I'll cover those in next week's column.