How to Determine When to Use Certificates Issued by Public CAs and When to Use Self-Signed Certificates?

+4 votes
356 views
posted Jun 1, 2015 by Vrije Mani Upadhyay

1 Answer

0 votes

This is an explanation of how Exchange 2007 uses certificates. After you have read this section, you should understand, based on the Exchange components that you have enabled and the clients you want to support, what kind of certificates you must purchase from a public CA. This section also provides the general context for the more technical content that follows.
It's important to understand that, because this section is intended to let you quickly determine your overall certificate needs with regard to public CAs, the section is necessarily brief. For brevity, many generalizations about certificates and related technologies are made to illustrate certificate use in Exchange 2007. If you do not understand concepts in this section, make sure that you read the rest of this topic and the referenced documentation.

Generally, any Exchange 2007 component that uses Kerberos, Direct Trust, or NTLM authentication can use a self-signed certificate for encryption. In this topic, such components are referred to as internal Exchange 2007 components. Internal refers to the fact that the data paths are between Exchange 2007 servers and within the corporate network that is defined by Active Directory.

We recommend that you deploy a certificate issued by a public CA whenever your users access Exchange components that require authentication and encryption from outside your corporate firewall. For example, all the various clients that the Client Access server role supports, such as Exchange ActiveSync, POP3, IMAP4, and Outlook Anywhere, should be secured with a certificate that is issued by a public CA. In this topic, such components are referred to as external Exchange 2007 components. External refers to the fact that the data paths between the clients and the Exchange 2007 servers traverse the corporate firewall and extend into the Internet.

answer Jun 1, 2015 by Manikandan J
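
An audit that applies the rule in the answer above, as an added example that is not part of the original answer or of Microsoft's documentation: it flags self-signed certificates bound to client-facing services. It assumes PowerShell 2.0 or later and that IIS, POP and IMAP are the services published through the firewall; `Test-ExchangeCertificatePlacement` and the sample certificates are hypothetical, while `IsSelfSigned`, `Services` and `Thumbprint` are properties of the objects `Get-ExchangeCertificate` returns.

```powershell
# Added example, not code from the original answer.
# Assumption: these are the services external clients reach through the
# Client Access role (IIS carries Exchange ActiveSync and Outlook Anywhere).
$ExternalServices = 'IIS', 'POP', 'IMAP'

function Test-ExchangeCertificatePlacement {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Certificate
    )
    process {
        # Services is a flags value that renders as "IMAP, POP, IIS, SMTP".
        $services = @("$($Certificate.Services)" -split '\s*,\s*' |
                      Where-Object { $_ -and $_ -ne 'None' })
        $exposed  = @($services | Where-Object { $ExternalServices -contains $_ })

        if ($Certificate.IsSelfSigned -and $exposed.Count -gt 0) {
            $finding = 'Self-signed on external service: replace with public CA certificate'
        } elseif ($Certificate.IsSelfSigned) {
            $finding = 'Self-signed, internal data path only: acceptable'
        } elseif ($exposed.Count -gt 0) {
            # IsSelfSigned = False does not prove a public issuer; a private
            # enterprise CA also yields False, so the issuer still needs review.
            $finding = 'CA-issued on external service: confirm the issuer is a public CA'
        } else {
            $finding = 'CA-issued, internal data path only'
        }

        New-Object PSObject -Property @{
            Thumbprint      = $Certificate.Thumbprint
            ExposedServices = ($exposed -join ', ')
            Finding         = $finding
        } | Select-Object Thumbprint, ExposedServices, Finding
    }
}

# Constructed sample objects standing in for Get-ExchangeCertificate output.
$sample = @(
    (New-Object PSObject -Property @{ Thumbprint = 'CONSTRUCTED-0001'; IsSelfSigned = $true;  Services = 'SMTP' }),
    (New-Object PSObject -Property @{ Thumbprint = 'CONSTRUCTED-0002'; IsSelfSigned = $true;  Services = 'IMAP, POP, IIS, SMTP' }),
    (New-Object PSObject -Property @{ Thumbprint = 'CONSTRUCTED-0003'; IsSelfSigned = $false; Services = 'IIS' })
)
$sample | Test-ExchangeCertificatePlacement | Format-Table -AutoSize

# In the Exchange Management Shell, audit the real store instead:
#   Get-ExchangeCertificate | Test-ExchangeCertificatePlacement
```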
Similar Questions
0 votes

I am torn between deploying Microsoft Exchange 2016 and Linux-based SMTP servers like sendmail, postfix, qmail and exim. Relative ease of installation and configuration is an important consideration factor.

Microsoft Exchange 2016, Domain Controller, and Active Directory are relatively easy to install and configure. Linux-based SMTP servers are extremely difficult to install and configure and of course, extremely time-consuming.

One of the features of Microsoft Exchange 2016 is that you can create additional folders on your Inbox in the server (server-side). Can Linux-based SMTP servers do that?

Does Exchange 2016 offer more user-friendly features or Linux-based SMTP servers?

Besides the above considerations, how about security? Traditionally, Linux is far more secure than Windows. Judging by security, Linux-based SMTP servers ought to have a higher percentage of the market share?

Finally, I can only use Windows Server 2016 Standard Evaluation Copy FREE for a period of 3 years MAXIMUM. But I can use Linux servers and Mail Transport Agents (MTA) FREE perpetually.

Please share your opinion?

+1 vote

I am trying to set up SSL on my replica set. I am creating the CA with the command

openssl req -newkey rsa:2048 -new -x509 -days 36500 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key

My Environment:

MongoDB 3.2.6
Ubuntu 14.04

My replica set has 3 servers. Is that the correct way to create the CA?

0 votes

I am currently experimenting with a self signed CA using NSS at the moment.

I would like to be able to create certificates, sign them with the CA, and be able to revoke them via some CRL mechanism.

At the moment, I can achieve the first two steps, but the method of revoking a certificate from an NSS db, and then creating a CRL from that, is eluding me. I have tried to research this quite a bit, and reading various man pages is not shedding light upon this situation for me.

Any tips?

...