I am pretty new to the 2003 Microsoft world, but I am NT 4 MCSE.

My setup:
  • 2 W2K3 DCs
  • 1 Exchange 2K3 member server
  • 1 W2K3 member server--web server
  • about 60 users--single domain

Some of my users want to use Outlook Web Access to get their mail from home (approx. 10-15). Everything is set up and running fine.

My question is, do I need certificates to be secure? With this small amount of users it hardly seems necessary, but being new to the 2003 world, I just don't know. If I do need certificates, can I do them myself without ANY other vendors involved?

Thanks to all of you for helping us and each other out...this is a great website.

Answer Wiki


Yes, you need certificates if you are going to secure your password across the wire. However, you don’t need to use a certificate through a well-known CA, such as Verisign for your purposes.

You can create and approve your own certificates locally using Certificate Services installed on Windows Server 2003. Inform the users that the certificate will issue a warning because it’s not from one of the public CAs. Once they get the error and allow the certificate, they would log on encrypted over HTTPS.

You can also restrict the logon process only to use HTTPS or the entire site, if you desire.
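The trust relationship the answer describes, as an added example that is not part of the original thread: a private root CA issues the web server's certificate, and a client accepts it only once that root is in its trust store and the host name matches. It uses `openssl` as a stand-in for Windows Certificate Services; the host name `mail.example.test` and the CA names are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original thread). openssl stands in for Windows
# Certificate Services; host name and CA names are constructed placeholders.
OWA_HOST="mail.example.test"

make_root() {  # $1 = dir, $2 = file prefix, $3 = CA common name
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/pki.cnf" \
    -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

issue_server_cert() {  # $1 = dir; signs a cert for $OWA_HOST with the internal root
  openssl req -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "/CN=$OWA_HOST" \
    -keyout "$1/owa.key" -out "$1/owa.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$OWA_HOST" > "$1/ext.cnf"
  openssl x509 -req -in "$1/owa.csr" -CA "$1/internal.crt" -CAkey "$1/internal.key" \
    -CAcreateserial -days 30 -extfile "$1/ext.cnf" -out "$1/owa.crt" 2>/dev/null
}

# Prints "trusted" only if the cert chains to a root in $1 AND matches host $3.
client_view() {  # $1 = client's trusted roots, $2 = server cert, $3 = host typed by user
  if openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
  then echo trusted; else echo untrusted; fi
}

demo() {  # $1 = empty working directory
  make_root "$1" internal "Example Internal Root CA"
  make_root "$1" other "Unrelated Root CA"   # models a client that lacks the internal root
  issue_server_cert "$1"
  echo "home PC without internal root : $(client_view "$1/other.crt" "$1/owa.crt" "$OWA_HOST")"
  echo "home PC with root imported    : $(client_view "$1/internal.crt" "$1/owa.crt" "$OWA_HOST")"
  echo "root imported, wrong host name: $(client_view "$1/internal.crt" "$1/owa.crt" wrong.example.test)"
}

work=$(mktemp -d) && demo "$work" && rm -rf "$work"
```

Only the root certificate (`internal.crt` here) is handed to clients; the CA private key stays on the issuing server.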


Discuss This Question: 2  Replies

  • Whitecap
    Giving direct access to OWA over the Internet is not a good security practice. While a certificate on the web server will provide you with transport security, it does nothing to protect the web server itself, and a standard firewall will pass all packets over expected ports. To solve this problem, Microsoft has a recommended design which uses an ISA server in the DMZ acting as a bastion host in secure reverse proxy mode. The following link explains how it all hangs together: http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/owapublishing.mspx. MS ISA is a good product, in particular on a W2K2 platform. My deployment passed security pen tests with flying colours.
  • Howard2nd
    Yes - certificates are highly recommended (and easy). Yes - you can self-certify.
    A - Go through the AD entries and check that every user has their correct e-mail information.
    B - Install certificate services on the webserver for AD authentication and either auto-issue or admin review and issue.
    C - Show your users how to log in to the webserver and obtain a certificate, install to IE and Outlook.
    Enjoy. Most important is to read the documentation; MS actually did a good job. Good luck.
