cancel
Showing results for 
Search instead for 
Did you mean: 

SSL Certificates - SBS 2008 -

innoko
Newbie
Posts: 2
Registered: ‎01-03-2010

SSL Certificates - SBS 2008 -

Hi.  We run SBS 2008, have our main website 'www.contoso.com' hosted with Plus, but would like an SSL certificate for 'remote.contoso.com' which points directly to our SBS servers external IP address.  Has anyone else done this, and which is the best (or cheapest) provider?  SBS 2008 likes proper certificates for remote access, as do mobile devices connecting to pick up exchange mail.    I tried godaddy, but because of the setup, we could not get the validation procedure to work, so had to abandon. 
3 REPLIES 3
Lurker
Grafter
Posts: 1,867
Registered: ‎23-10-2008

Re: SSL Certificates - SBS 2008 -

The cheapest provider is you.
Self signed certificates will provide the same level of security as a commercially purchased certificate.
The downside it that most people don't understand the warning that appears in most browsers - telling them that you have signed the certificate, and that they should accept its use only if they trust you.
"Proper Certificates" is a misleading term - what you mean is a certificate from somebody who is trusted by almost every computer in the world.
Mobile devices do not care who the certificate authority is, no more than a browser does.
innoko
Newbie
Posts: 2
Registered: ‎01-03-2010

Re: SSL Certificates - SBS 2008 -

Thanks for the reply.  Presumably you mean using a tools like XCA to generate a self-signed certificate.  I did this to enable Nokia N series users to connect with Mail for Exchange, but it was such a pain to set up..  By a proper certificate I mean a certificate from a trusted source, not the self-issued one from SBS which means N series users cannot connect.
Lurker
Grafter
Posts: 1,867
Registered: ‎23-10-2008

Re: SSL Certificates - SBS 2008 -

I don't have much experience of trying to connect an N-Series phone to SBS, but with those devices I have used, it is simply a case of telling the device that the certificate is from a trusted source.
You can install the certificate onto Windows Mobile devices, which will then trust the Cert Auth. With an iPhone for example, you can simply tell it to trust the Cert Auth, in the same way that you would in a browser for accessing say, OWA.
(Some quick interweb research shows that the Win Mobile method is essentially the same for N-Series devices - copy the CA Cert to the mobile device and install it. Then go to Cert Manager and tell the device to trust that CA)

If the only devices you are connecting up are within your control, I can't see a reason to use a Cert signed by a commercial CA.
If the devices are not within your control - it's sensible to purchase one from a CA which the devices will natively trust.