Announcement

Collapse
No announcement yet.

free certificate

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • free certificate

    is there a free certicate that we can use or configure

  • #2
    Re: free certificate

    Install your own CA and get a free certificate.

    Otherwise, google "free ssl" and you'll find quite a few.
    Cheers,

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services
    MCSA/E, MCTS, MCITP, MCT

    Comment


    • #3
      Re: free certificate

      Here is a great how to on doing a home grown ssl
      http://www.msexchange.org/pages/article_p.asp?id=633
      Hindsight is 20/20 foresight is what matters

      Comment


      • #4
        Re: free certificate

        Or you choose one closer to home.
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2

        Comment


        • #5
          Re: free certificate

          The only problem with free certificates is that always generate security prompts. While you can install them on machines that you own, in the event that you have to change the certificate, you will have to update all the machines.
          I also think that security prompts look unprofessional and should be avoided.

          This is quite easy when people like RapidSSL are selling them for US$70 per year!

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment


          • #6
            Re: free certificate

            Simon, while you are of course right about the security prompts "risk", using home-created certificates does not necessarily mean you WILL get those prompts. For example, if the CA that is used to issue those certs is an Enterprise CA and all the computers using the certificates are members of the same AD forest, then there will be NO prompts, as all computers will automatically trust the CA and any certificate issued by it. However, when connecting to the SSL-protected website from any "outside" computer, i.e. one that is not a part of the domain (client's computer, external user, partners and so on) they will need to import your CA's root certificate into their trusted root certificates store on each of the computers that will need to use the certificate. They can do that either manually, or by using their GPO infrastructure, if they have one in place.

            But yes, using home-grown certificates will cause extra overhead.
            Cheers,

            Daniel Petri
            Microsoft Most Valuable Professional - Active Directory Directory Services
            MCSA/E, MCTS, MCITP, MCT

            Comment


            • #7
              Re: free certificate

              Daniel,
              I agree with all of your points on the use of the certificates.
              However, consider this...

              The vast majority of SSL use is outside the company.
              In many cases it will be from machines that the administrator has no control over.

              While the administrator can train the users to install the certificate themselves, the question you should ask is do you want them to?

              That would probably mean the certificate being left all over the place.
              You may then find that unauthorised certificates are on company machines.

              My biggest concern with home grown certificates though is the security risk. Not to your own data, or the data being protected by the certificate.

              But to the user's machine and data.

              We all know that users don't listen. They hear what they want to hear.
              They will not remember that the warning should appear ONLY on your site and you can ignore it. They will simply remember the big about ignoring the warning - because the IT guy said so and he knows what he is on about.

              The user then becomes a victim of a phishing attack (don't laugh - 2000 citizens of a certain country recently believed that the biggest bank in the country was about to go bust and clicked a link in an unsolicited email). They get the certificate warning when they are connecting to "their bank" and ignore it - because the IT guy says so.

              Oh dear.

              Internet Explorer 7.0 makes an even bigger issue of the incorrect certificate, stopping you from browsing to the site at all until a link is clicked.

              As responsible IT administrators, who under stand the risks of the internet better than most, I feel that it is part of our duty to be consistent with the users - keep it simple. You get a warning - that is BAD, and it doesn't matter whose site it is on.

              For the sake of US$70, it just doesn't make sense not to.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment


              • #8
                Re: free certificate

                Very well put Simon, I'm sure our readers will benefit from these insights.
                Cheers,

                Daniel Petri
                Microsoft Most Valuable Professional - Active Directory Directory Services
                MCSA/E, MCTS, MCITP, MCT

                Comment


                • #9
                  Re: free certificate

                  I wouldn't mind starting the use of certificates on my systems using my own CA but the problem is that my own internal CA doesn't mean squat to the outside world because it's not trusted.

                  "Why should I trust you?"
                  "Because I have a certificate"
                  "Who issued the certificate?"
                  "I did"
                  "Why should I trust that?"
                  "Because I said so"
                  VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
                  boche.net - VMware Virtualization Evangelist
                  My advice has no warranties. Follow at your own risk.

                  Comment


                  • #10
                    Re: free certificate

                    Yes, but if your "outside" users are contractors, suppliers, vendors and so on, you can "force" them to trust your CA: "You wanna work with us? Install this root CA on all the machines that need to communicate with our servers".
                    Cheers,

                    Daniel Petri
                    Microsoft Most Valuable Professional - Active Directory Directory Services
                    MCSA/E, MCTS, MCITP, MCT

                    Comment

                    Working...
                    X