Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#343923 - 31/03/2011 21:21 Free CA?
Taym
carpal tunnel

Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
Does anybody know of a Certification Authority that would release a SSL certificate for free? I would need to use it in a test environment for Exchage 2010, which is incredibly annoying when not endowed with a self-signed certificate.
_________________________
= Taym =
MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg

Top
#343924 - 31/03/2011 21:53 Re: Free CA? [Re: Taym]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
Gandi (http://gandi.net) will give a free one for a year if you transfer or register a domain with them. Not sure about a purely free one though.

Top
#343925 - 31/03/2011 21:56 Re: Free CA? [Re: drakino]
siberia37
old hand

Registered: 09/01/2002
Posts: 702
Loc: Tacoma,WA
If your organization is big enough get yourself a wildcard certificate. Then you can put up as many development servers as you want and not worry about valid certificates.

Top
#343926 - 31/03/2011 22:08 Re: Free CA? [Re: Taym]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
Windows Server has a CA built in. It's probably going to be easier for you to do it that way. IIRC, Exchange actually has a "automatically get a certificate from my domain" button somewhere.
_________________________
Bitt Faulk

Top
#343927 - 31/03/2011 22:15 Re: Free CA? [Re: wfaulk]
Taym
carpal tunnel

Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
Originally Posted By: wfaulk
Windows Server has a CA built in. It's probably going to be easier for you to do it that way. IIRC, Exchange actually has a "automatically get a certificate from my domain" button somewhere.


Not anymore with Exchange 2010. Self-signed certificates are not good enough, apparently, in various cases. For one, there's no way to make WP7 Exchnage clients to connect to the server without returning a synch error. Possibly, in a future update (nodo not available yet with our phone service provider, so maybe this could get solved soon, but I have not read anything at this regard). Well, this is more of a client issue, actually.
Exchange 2010 is quite rigid on security, which is very good; but hey, give me a more relaxed "test environment" setup... Unless I am missing it.
_________________________
= Taym =
MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg

Top
#343935 - 01/04/2011 00:32 Re: Free CA? [Re: Taym]
Taym
carpal tunnel

Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeOWA\AllowInternalUntrustedCerts = 1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeOWA\AllowExternalUntrustedCerts = 1

If applied to the Exchange Server 2007/2010 will help.
_________________________
= Taym =
MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg

Top
#343937 - 01/04/2011 00:39 Re: Free CA? [Re: Taym]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
Setting up your own CA is not the same thing as self-signing a certificate.
_________________________
Bitt Faulk

Top
#343948 - 01/04/2011 06:00 Re: Free CA? [Re: wfaulk]
Taym
carpal tunnel

Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
Bitt, sorry, I thought you meant "Exchange" instead of Widnows Server in general.
yes, you're correct. We wanted to avoid that for various reaons, but if www.cacert.org (supposedly free CA, if ayone is interested), fails, we'll resort generating the certificates internally as you suggest.
_________________________
= Taym =
MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg

Top
#343956 - 01/04/2011 11:10 Re: Free CA? [Re: Taym]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
You'll need to install the root cert for CA cert as I highly doubt Exchange or Windows has that built in. If you're installing the root CA cert for internal usage only then you might as well make your own internal company CA at this point.

Top
#344052 - 05/04/2011 07:21 Re: Free CA? [Re: tman]
Taym
carpal tunnel

Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
... Yes, I resorted to make our test exchange server ALSO CA. Still, we're going through hell to make Autodiscover / Outlook anywehere work properly.
_________________________
= Taym =
MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg

Top