
Please add StartCom to Windows Live Trusted CA's for Federation Gateway

  • Saturday, October 31, 2009 10:17 PM, Oren Novotny
     
    The current list of Trusted CA's for The Microsoft Federation Gateway excludes the newest (and by far the cheapest) CA in the Microsoft trusted CA program -- StartCom. 

    StartCom issues free domain validated SSL certificates and $40 for unlimited wildcard & UCC certs.  They're supported by Vista, Win7 and XP (with the Sept 09 root ca update). 

    Please enable them for Windows Live. 

All Replies

  • Tuesday, November 03, 2009 2:40 PM, Mike Crowley

    A: this would be an issue for StartCom to pursue, not Microsoft
    B: This is not related to Exchange 2010
    C: This is a comment, not a question
    D: the reason trusted root CA lists are restricted in the first place is to ensure only reputable CAs make the list, and therefore ensure the integrity of the certificates they issue.  Seems like this would be tough if they hand out certs for free.  heck, *I* can start issuing certificates, but what makes them worth a dern is having trust from the community.

    • Proposed As Answer by Mike Crowley, Tuesday, November 03, 2009 2:41 PM
  • Tuesday, November 03, 2009 2:45 PM, Brian Day
     
    There's just something about adding the Walmart of CAs to the list that makes me get a funny feeling when dealing with inter-org federation.
    Brian Day: MCSA 2000/2003, CCNA, MCTS: Microsoft Exchange Server 2010 Configuration, Overall Exchange/AD Geek.
  • Tuesday, November 03, 2009 2:56 PM, Mike Crowley
     
    ditto.  I think they should be accessible to small businesses, otherwise low-budget IT shops will go unprotected, but handing them out for free without any regulation is a problem.
  • Tuesday, November 03, 2009 11:15 PM, Oren Novotny
     
    I bring it up here as I was trying to use the federation mechanism in Exchange 2010.  The CA is trusted or it wouldn't be included in Microsoft's trusted CA list.  It seems like Windows Live is using a selected subset of that list for some reason.

    It's not like it's hard to get a GoDaddy SSL cert, just more expensive.  For domain-validated certificates, StartCom does the same thing everyone else does -- send an email to the designated contact from WHOIS. 

  • Wednesday, November 04, 2009 1:20 AM, Brian Day
     
    "The CA is trusted or it wouldn't be included in Microsoft's trusted CA list."
    Microsoft also includes a bunch of universal v1.0.0.0 drivers they write themselves for hardware with Windows.
    Brian Day: MCSA 2000/2003, CCNA, MCTS: Microsoft Exchange Server 2010 Configuration, Overall Exchange/AD Geek.
  • Wednesday, November 04, 2009 4:09 AM, David Strome, MSFT, Moderator
     
    hi guys,

    This doesn't have anything to do with Exchange 2010 so let's just move along, maybe go look at some pretty trees.

    thanks.



    Senior Technical Writer - Exchange This posting is provided "AS IS" with no warranties, and confers no rights.
  • Wednesday, November 04, 2009 12:36 PM, Mike Crowley
     
    I have a Japanese maple outside my window.  It's changing colors this week - red leaves now!