Welcome to ISAserver.org

Publish Exchange without certificate .. is this possible

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Publish Exchange without certificate .. is this possible

Page: [1]

Message

<< Older Topic Newer Topic >>

Publish Exchange without certificate .. is this possible - 21.Dec.2010 3:14:25 AM

Freekeko

Posts: 38
Joined: 6.Aug.2006
Status: offline

Hello,

I want to know can I publish Exchange 2010 without certificate cause I don't want to buy any certificate .

I tried to publish it but I dont know how since the exchange owa url is https:\\

Post #: 1

Featured Links*

RE: Publish Exchange without certificate .. is this pos... - 21.Dec.2010 6:41:29 AM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hi,

although not recommended, you can.

If you don�t want to buy a certificate, then you also have the option to use Windows CA server.

For publishing an Exchange 2010 using ISA 2006 SP1, there is a great article from Exchange team: http://msexchangeteam.com/archive/2009/12/17/453625.aspx

Regards,
Paulo Oliveira.

< Message edited by paulo.oliveira -- 21.Dec.2010 9:40:36 AM >

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to Freekeko)

Post #: 2

RE: Publish Exchange without certificate .. is this pos... - 21.Dec.2010 9:15:00 AM

Freekeko

Posts: 38
Joined: 6.Aug.2006
Status: offline

unfortunately we didn't have Windows CA server , so how can I publish the exchange without certificate

(in reply to paulo.oliveira)

Post #: 3

RE: Publish Exchange without certificate .. is this pos... - 21.Dec.2010 9:42:19 AM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hi,

Exchange was built with security in mind, the default option is to use SSL. You must turn SSL off if you really want to publish it using non-secure connection.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to Freekeko)

Post #: 4

RE: Publish Exchange without certificate .. is this pos... - 21.Dec.2010 9:59:26 AM

Jason Jones

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline

So, you like the idea of your users transmitting usernames and passwords in the clear across the Internet then?

When SSL certs can be had so cheap (�40 from godaddy and even free if you look around) why would you ever risk not using HTTPS?

There is likely to be very little guidance on doing it with HTTP only, as this is a pretty poor solution security wise...

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to paulo.oliveira)

Post #: 5

RE: Publish Exchange without certificate .. is this pos... - 22.Dec.2010 2:19:07 AM

Freekeko

Posts: 38
Joined: 6.Aug.2006
Status: offline

I don't mean to using HTTP, I mean to use HTTPS that include with Exchange Server not the one with ISA server , because the ISA require certificate if I'll use HTTPS

(in reply to Jason Jones)

Post #: 6

RE: Publish Exchange without certificate .. is this pos... - 22.Dec.2010 9:32:35 AM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hi,

actually, is more secure you install certificate on ISA than on Exchange it self. Since, ISA will be the one facing the internet and authenticating users.

ISA server has the following options to bridge connections:
SSL-to-SSL: Internet<---->SSL<---->ISA<---->SSL<---->Exchange
SSL-to-HTTP: Internet<---->SSL<---->ISA<---->HTTP<---->Exchange
HTTP-to-HTTP: Internet<---->HTTP<---->ISA<---->HTTP<---->Exchange
HTTP-to-SSL: Internet<---->HTTP<---->ISA<---->SSL<---->Exchange

And, it also has the option to tunnel SSL connections, like others firewalls do. (not very secure). Acting like just a port forwarding.

It is even more secure to keep confidentially end-to-end, meaning both, ISA and Exchange server, must have certificates to encrypt their connections.

Getting back to your initial request:

quote:

I want to know can I publish Exchange 2010 without certificate cause I don't want to buy any certificate .

You could use self-signed certificates (not a good practice). Just make sure to install then on both servers.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to Freekeko)

Post #: 7