Free CA?

Posted by: Taym

Free CA? - 31/03/2011 21:21

Does anybody know of a Certification Authority that would release a SSL certificate for free? I would need to use it in a test environment for Exchage 2010, which is incredibly annoying when not endowed with a self-signed certificate.
Posted by: drakino

Re: Free CA? - 31/03/2011 21:53

Gandi (http://gandi.net) will give a free one for a year if you transfer or register a domain with them. Not sure about a purely free one though.
Posted by: siberia37

Re: Free CA? - 31/03/2011 21:56

If your organization is big enough get yourself a wildcard certificate. Then you can put up as many development servers as you want and not worry about valid certificates.
Posted by: wfaulk

Re: Free CA? - 31/03/2011 22:08

Windows Server has a CA built in. It's probably going to be easier for you to do it that way. IIRC, Exchange actually has a "automatically get a certificate from my domain" button somewhere.
Posted by: Taym

Re: Free CA? - 31/03/2011 22:15

Originally Posted By: wfaulk
Windows Server has a CA built in. It's probably going to be easier for you to do it that way. IIRC, Exchange actually has a "automatically get a certificate from my domain" button somewhere.


Not anymore with Exchange 2010. Self-signed certificates are not good enough, apparently, in various cases. For one, there's no way to make WP7 Exchnage clients to connect to the server without returning a synch error. Possibly, in a future update (nodo not available yet with our phone service provider, so maybe this could get solved soon, but I have not read anything at this regard). Well, this is more of a client issue, actually.
Exchange 2010 is quite rigid on security, which is very good; but hey, give me a more relaxed "test environment" setup... Unless I am missing it.
Posted by: Taym

Re: Free CA? - 01/04/2011 00:32

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeOWA\AllowInternalUntrustedCerts = 1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeOWA\AllowExternalUntrustedCerts = 1

If applied to the Exchange Server 2007/2010 will help.
Posted by: wfaulk

Re: Free CA? - 01/04/2011 00:39

Setting up your own CA is not the same thing as self-signing a certificate.
Posted by: Taym

Re: Free CA? - 01/04/2011 06:00

Bitt, sorry, I thought you meant "Exchange" instead of Widnows Server in general.
yes, you're correct. We wanted to avoid that for various reaons, but if www.cacert.org (supposedly free CA, if ayone is interested), fails, we'll resort generating the certificates internally as you suggest.
Posted by: tman

Re: Free CA? - 01/04/2011 11:10

You'll need to install the root cert for CA cert as I highly doubt Exchange or Windows has that built in. If you're installing the root CA cert for internal usage only then you might as well make your own internal company CA at this point.
Posted by: Taym

Re: Free CA? - 05/04/2011 07:21

... Yes, I resorted to make our test exchange server ALSO CA. Still, we're going through hell to make Autodiscover / Outlook anywehere work properly.