Cheap SSL certs or running with the big dogs?
Okay, I'm cheap, I admit it. I always search for the lowest airfares, buy my gas at Costco (about $55 per week a this point!), use Froogle like crazy, turn the ketchup bottle upside down to get as much out as possible, and I buy SSL certs from www.godaddy.com or www.instantssl.com when setting up OWA server.
I recently saw a downside to this. Usually, there is no "liability" issues associated with setting up an OWA server. At least, not liability like there is setting up an e-commerce site. So, the big dog's SSL certs such as VeriSign or Thawte (which come with a certain amount of liability protection), are not necessary.
Several of my customers that have just migrated to Exchange 2003 used www.godaddy.com for the SSL certs. Now, they want Windows Mobile and ActiveSync support. The problem is that the root CA that GoDaddy uses is NOT trusted by the Windows Mobile devices. When you try to configure ActiveSync, you get errors like INTERNET_45 or INTERNET_55 on the mobile device. (I just blogged this a few months ago).
So, you have to install your root CA's certificates on the mobile device. Interested? Here is more information:
- My blog: How to install root Certifictes on a Windows Mobile-based device
- Windows Mobile Blog: How can I add root certs to my Windows Mobile 5.0 device?
- KB 841060: How to add root certificates to Windows Mobile 2003 Smartphone and to Windows Mobile 2002 Smartphone
- KB 915840: How to install root certificates on a Windows Mobile-based device
So, the other thing I have to admit is, that I'm lazy. If I really don't want to have 100 Windows Mobile users bring their devices in to IT so that I can install my cheapie CA's cert on each device.
The Moral of the Story?
I'm getting there! So, the moral of the story is, when you get ready to purchase OWA certs, ask yourself if you are going to be supporting Windows Mobile devices. If so, is it still going to be cheaper to purchase the cheaper than manually installing a bunch of certs. Irate and / or inconvenienced users and IT resources do have a cost.