Steve Goodman's Exchange Blog
4Apr/122

StartSSL Certs – Great free certs, and even better SAN and Wildcard Certs

This morning I read on Rajith Enchiparambil’s Twitter (@rajithe) about the free certificates from StartSSL. I’ve been meaning for ages to mention them, as I too have been using them in my lab rather successfully.

So, the free certificates…

First of all, I’d like to elaborate on what the free “class one” certificates give you. You get a basic two-name SAN certificate with the following names:

  • Your domain name
  • The server FQDN

For example – mail.exchangelabs.co.uk and exchangelabs.co.uk. While that’s not as good as a full SAN certificate it can fulfil the basic core requirements for Exchange. You’ve got a name to use for your CAS namespace, and the ability to use it for AutoDiscover using the first-attempted https://domainname.co.uk/AutoDiscover/AutoDiscover.xml URL. An example of the free cert looks a little like this:

image

What’s the support like amongst browsers and mobile devices?

The first question anyone would have when using one of these certs is what’s the support like? If it’s not supported on nearly all your devices, it’s a waste of time – you may as well use your own private CA. The good news is the cert support is pretty good. I’ve tested it successfully against the following browsers, devices and services:

  • Internet Explorer (XP SP2 onwards, IIRC)
  • Firefox
  • Google Chrome
  • Safari
  • iPhone
  • Android
  • Office 365
  • Exchange Remote Connectivity Analyser

I’ve had varying success with Windows Phone, as I don’t have one to test against. On a pre-Mango device I did need to import the root certificate, though.

Want to test the support for yourself? Visit https://www.stevieg.org and have a try from your device or browser of choice.

SAN and Wildcard certificates

After a few months of using the free certificates, and working around their limitations, I needed to do some testing that’s more in parity with customer environments, namely TMG fronting Exchange and ADFS. So, I bit the bullet and decided to upgrade to “Level 2”. This gives you the following of interest:

It’s not free, but it’s pretty cheap compared to the cheapest I recommend to customers, CertificatesForExchange.com (who I still recommend for production certs) at $59.90 or in UK money, a mere £37. Along with payment, you’ll also need to do the following:

  • Send a photo of your passport
  • Send a photo of your driving licence
  • And in my case, they asked for a copy of my phone bill to confirm my address and phone number.

A few hours after sending the correct docs, I was granted “Level 2” access and able to create Wildcard and SAN certs.

You’ll see here a sample Wildcard cert (or check out https://www.stevieg.org to see a live one):

image

And below a SAN cert which I’ve added a few domains for Exchange and ADFS:

image
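Before deploying either kind of certificate, it is worth checking its SAN list against the host names clients will actually request. The function below is an added example, not code from the original post; the `autodiscover` host name and the wildcard SAN list are constructed sample values, and it goes a little beyond the post by showing that a wildcard entry on its own does not cover the bare domain used by the first-attempted AutoDiscover URL.

```powershell
# Added example: report which required host names a certificate's SAN list covers.
function Test-SanCoverage {
    param([string[]]$SubjectAltNames, [string[]]$RequiredHosts)
    foreach ($h in $RequiredHosts) {
        $name  = $h.ToLowerInvariant()
        $match = $null
        foreach ($san in $SubjectAltNames) {
            $s = $san.ToLowerInvariant()
            if ($s -eq $name) { $match = $san; break }
            # A wildcard covers exactly one left-most label: *.example.com matches
            # mail.example.com, but not example.com and not a.b.example.com.
            if ($s.StartsWith('*.') -and $name.Contains('.')) {
                $parent = $name.Substring($name.IndexOf('.') + 1)
                if ($parent -eq $s.Substring(2)) { $match = $san; break }
            }
        }
        New-Object PSObject -Property @{ HostName = $h; Covered = [bool]$match; MatchedBy = $match } |
            Select-Object HostName, Covered, MatchedBy
    }
}

# The two names from the post's free certificate.
$freeCert = 'mail.exchangelabs.co.uk', 'exchangelabs.co.uk'
# Constructed sample: a certificate whose only SAN entry is a wildcard.
$wildcardOnly = '*.exchangelabs.co.uk'
# Host names to verify; the autodiscover name is a constructed sample.
$needed = 'exchangelabs.co.uk', 'mail.exchangelabs.co.uk', 'autodiscover.exchangelabs.co.uk'

Test-SanCoverage -SubjectAltNames $freeCert     -RequiredHosts $needed | Format-Table -AutoSize
Test-SanCoverage -SubjectAltNames $wildcardOnly -RequiredHosts $needed | Format-Table -AutoSize
```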

Caveats?

Only caveat I can think of is when you create your account, you’ll need to set up certificate authentication to the StartSSL website. This is a browser-driven process and isn’t much hassle, and naturally is more secure than simply a username and password.

What you should do however is ensure you back up the private key and certificate, perhaps by exporting it as a PFX from the Certificates Snap-In. You’ll find it under Personal certificates:

image

Hope you find this useful, and have fun with the free and nearly free certificates :)

Steve

21Mar/128

Great joint post about Zimbra versus Exchange

Dave Stork and Michel De Rooij have published a great joint post comparing Zimbra to Microsoft Exchange. It's in many parts a rebuttal to a post by Christopher Wells, but I think they have covered it pretty fairly.

My take? To be honest I don't even know why people are bothering to compare Exchange with Zimbra. Before Yahoo bought Zimbra, I thought they might eventually release a competitive product at some point, and they might be the success that Open-Xchange never was.

The reality, in my humble opinion, is that VMware bought Zimbra for the technology not the product. Zimbra's engine is used in Project Octopus, which fills a gap in the market and actually looks like a product VMware can market to its customers. Zimbra... not so much.

In a way it's a sad state of the market that Exchange doesn't have a great competitor that's taking customers away right, left and centre. Why would I say that? Because having a great competitor to Exchange pushes Microsoft to make Exchange better!

If not for Google Apps, we wouldn't have Office 365 in its current form, and I dare say Outlook Web App wouldn't have pretty themes like Super Sparkle Happy. Zimbra on the other hand has a few nice features; it's not bad by any means. But it's not something you'd compare to Exchange 2010 and prefer - either from an end user perspective, or as an Administrator. As an ex-Solaris, Linux and BSD sysadmin as well as VCP 3,4 and 5, that's something I find a little disappointing.

22Feb/121

A quick look at the free Exchange Server 2010 Boot camp from ExchangeServerPro.com

A question I am often asked is "Steve, where can I find good training for Exchange 2010?" Although official Microsoft instructor-led courses are available or CBT training from companies like Train Signal, one problem many IT pros have is that their organization won't pay to send them on training, which can cost thousands of pounds.

So I am very interested to see that Paul Cunningham, who runs ExchangeServerPro.com, has stepped up and put together an Exchange Server 2010 "Boot Camp" which is - get this - absolutely free!

Like Microsoft's own courses, the boot camp is focused on teaching you the core basics you need to set up and administer Exchange 2010 - it isn't aimed at some of the more complex scenarios like multi-site DAG failover design, but then again the equivalent Microsoft courses don't either, and they cost a lot of money to attend. But what this does cover is topics such as:

  • How to build your training lab
  • Setup of Windows and Active Directory
  • Installing Exchange Server 2010
  • Configuring Exchange roles including Mailbox, Client Access and Hub Transport
  • Management of recipients, including Mailboxes, Contacts and Distribution Groups
  • Backup and recovery of Exchange

The topics are split up into four modules, and each module is split up into a number of different videos that are easy to digest - for example the Recipient Management module is split up into 6 videos of around 10 minutes or under.

To sign up for Paul's free training, visit exchangeserverpro.com/training. After a quick sign up process all the training is available on-demand. Enjoy!

20Feb/123

Importing Global Address List entries into a user’s Contacts folder

I had a fairly unusual request from one of my customers whilst performing the final stages of an Exchange migration. A while ago, the CEO wasn't able to look up people to contact from the Global Address List due to connectivity problems and wanted "offline" access to the GAL from his phone.

The customer asked me if it would be possible for me to write a little script to effectively grab the GAL (they aren't a massive company) and copy it into the CEO's mailbox, into a dedicated Contacts folder, for example "OrgContacts". Whilst certainly not a great idea for a larger company, for a few hundred users it's not a bad idea, and in a previous post I've written something very similar, so in my spare time I put together the following script…

What it does:

  • Connects to the user mailbox using EWS as the logged-on Administrator, using impersonation.
  • Checks if the dedicated contacts folder exists, and if so empties it.
  • Gets the organization's users who have an email address set and at least a work phone or mobile phone number.
  • Adds a contact for each of the above users, populating the contact's name, company, department, job title, email address and work and mobile phone numbers into the dedicated contacts folder.

Pre-requisites

As with the original script this is based on, you need to set up impersonation for Exchange Web Services and install the Exchange Web Services Managed API 1.2 before using the script. The script uses the default installation location of the EWS Managed API, so if you've got it installed somewhere else, update the script.

To set up the pre-reqs, follow Setup of Exchange Web Services Impersonation and Installing the Exchange Web Services Managed API from the original article Using Powershell to import contacts into Exchange.

Additionally, the script expects to be used in the following scenario:

  • To be executed from the Exchange Management Shell, so it can get the InternalURL for Exchange Web Services (EWS) from Exchange 2010 SP1 or SP2.
  • The logged-in user is the administrator who has impersonation rights over the mailbox you wish to copy contacts into.
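The steps listed under "What it does" can be sketched with the EWS Managed API as follows. This is an added example, not the author's Copy-OrgContactsToUserContacts.ps1: the parameter names are hypothetical, and it assumes the EWS Managed API 1.2 is in its default install path and that the session is the Exchange Management Shell running as the administrator with impersonation rights.

```powershell
# Added sketch, NOT the author's Copy-OrgContactsToUserContacts.ps1; parameter names are hypothetical.
param([Parameter(Mandatory = $true)][string]$Mailbox, [string]$FolderName = 'OrgContacts')
# Default EWS Managed API 1.2 install path (assumption; change it if installed elsewhere).
Add-Type -Path 'C:\Program Files\Microsoft\Exchange\Web Services\1.2\Microsoft.Exchange.WebServices.dll'

# 1. Connect as the logged-on administrator and impersonate the target mailbox.
$smtp = "$((Get-Mailbox $Mailbox).PrimarySmtpAddress)"
$service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService -ArgumentList `
    ([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP1)
$service.UseDefaultCredentials = $true
$service.Url = [Uri]"$((Get-WebServicesVirtualDirectory | Select-Object -First 1).InternalUrl)"
$service.ImpersonatedUserId = New-Object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId -ArgumentList `
    ([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress), $smtp

# 2. Find the dedicated folder under Contacts: empty it if present, create it if not.
$contacts = [Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Contacts
$filter = New-Object 'Microsoft.Exchange.WebServices.Data.SearchFilter+IsEqualTo' -ArgumentList `
    ([Microsoft.Exchange.WebServices.Data.FolderSchema]::DisplayName), $FolderName
$view = New-Object Microsoft.Exchange.WebServices.Data.FolderView -ArgumentList 1
$found = $service.FindFolders($contacts, $filter, $view)
if ($found.TotalCount -gt 0) {
    $folder = $found.Folders[0]
    # Destructive: permanently removes every item, but only in the dedicated folder.
    $folder.Empty([Microsoft.Exchange.WebServices.Data.DeleteMode]::HardDelete, $false)
} else {
    $folder = New-Object Microsoft.Exchange.WebServices.Data.ContactsFolder -ArgumentList $service
    $folder.DisplayName = $FolderName
    $folder.Save($contacts)
}

# 3. Users with an email address and at least a work or mobile phone number.
$users = Get-User -ResultSize Unlimited |
    Where-Object { "$($_.WindowsEmailAddress)" -and ($_.Phone -or $_.MobilePhone) }

# 4. One contact per user; only attributes that are actually set are copied.
$map = @{ GivenName = 'FirstName'; Surname = 'LastName'; DisplayName = 'DisplayName'
          CompanyName = 'Company'; Department = 'Department'; JobTitle = 'Title' }
foreach ($u in $users) {
    $c = New-Object Microsoft.Exchange.WebServices.Data.Contact -ArgumentList $service
    foreach ($dst in $map.Keys) { $src = $map[$dst]; if ($u.$src) { $c.$dst = [string]$u.$src } }
    $c.EmailAddresses[[Microsoft.Exchange.WebServices.Data.EmailAddressKey]::EmailAddress1] = "$($u.WindowsEmailAddress)"
    if ($u.Phone) { $c.PhoneNumbers[[Microsoft.Exchange.WebServices.Data.PhoneNumberKey]::BusinessPhone] = $u.Phone }
    if ($u.MobilePhone) { $c.PhoneNumbers[[Microsoft.Exchange.WebServices.Data.PhoneNumberKey]::MobilePhone] = $u.MobilePhone }
    $c.Save($folder.Id)
}
```

Because the folder is emptied with a hard delete on every run, keep the dedicated folder name distinct from any folder the user maintains by hand.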

Using the Copy-OrgContactsToUserContacts.ps1 Script

Once the pre-reqs are satisfied, run the script using the following parameters, substituting <mailbox> with the name of the Mailbox User you wish to create the Contacts folder within:



Upon initial and subsequent executions, the script should produce output similar to that shown below:

image

Finally, the new contacts folder, complete with copies of GAL entries should show within the user's mailbox, as shown below in OWA:

image

Download the Copy-OrgContactsToUserContacts.ps1 here as a zip file, and as always if you've got any questions or suggestions for improvement, let me know in the comments below.