Expensive third-party certificates (which can run up to
$1000 a year per certificate in some cases) can be eschewed in favor of internally generated
certificates. This also gives an organization more flexibility in the creation and modification
of certificates. Windows Server 2003 includes the option of installing an
enterprise certificate authority on an internal server or set of servers, giving administrators
more options for SSL communications. The biggest downside to an internal CA is that, by
default, not all browsers have the required certificate patch that includes the internal CA
as part of the default installation, and therefore receive the error illustrated in Figure 12.3
when accessing a site secured by this certificate.
The only way to avoid this type of error message from appearing is to add the internal CA
to the client??™s list of trusted root authorities, which can be a difficult prospect if OWA
FIGURE 12.3 Viewing a common SSL certificate error.
319
12
Enabling Secure Sockets Layer (SSL) Support for Exchange Outlook Web Access
access is to be made available to browsers around the world. An enterprise certificate
authority is automatically trusted by domain members, which can make this easier for an
organization to deploy, but can still limit the deployment of a seamless solution.
Pages:
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531