I'm trying to change the ports on our Exchange 2010 server so people with smartphones that have ports 25 and 110 blocked can still send/receive using ports 465 and 995 (TLS?). The SSL cert from Network Solutions is the Wildcard SSL (according to their tech support) which is ungodly expensive at $549/year! They say there is NO CHEAPER alternative to this. Before I commit to that level of expense, I wanted to get the experts' opinions. Is there a way to do this without spending that kind of money and still get a secured port(s) for Exchange 2010? Thanks for any help!

On Mon, 9 May 2011 21:10:43 +0000, ComputerD00d wrote: >I'm trying to change the ports on our Exchange 2010 server so people with smartphones that have ports 25 and 110 blocked can still send/receive using ports 465 and 995 (TLS?). Use port 587 for SMTP client submission. Port 465 stopped being a good choice long ago (and it was never accepted as a standard, either). >The SSL cert from Network Solutions is the Wildcard SSL (according to their tech support) which is ungodly expensive at $549/year! You only need a SSL cert. If you need multiple names, use a SAN/UCC certificate. Wildcard certs won't work with things like ActiveSync. >They say there is NO CHEAPER alternative to this. http://www.digicert.com/ http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=9039 + others >Before I commit to that level of expense, I wanted to get the experts' opinions. Is there a way to do this without spending that kind of money and still get a secured port(s) for Exchange 2010? Thanks for any help! --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

So just a standard $39 SSL cert will allow me to do this? I wonder why they tried to sell me a $500 one! I only need it for my company domain name so it won't need multiple domains/subdomains. Port 587 it is. Thanks for the info!

On Tue, 10 May 2011 16:24:49 +0000, ComputerD00d wrote: >So just a standard $39 SSL cert will allow me to do this? It should be sufficient. >I wonder why they tried to sell me a $500 one! I have n idea what questions you were asked, or how you answered them, so I can't comment on what they told you was necessary. >I only need it for my company domain name so it won't need multiple domains/subdomains. Port 587 it is. Thanks for the info! If you use autodiscover, or have a fqdn for OWA that's different to the one you use for POP/IMAP/autodoscover, then you probably do have multiple domain names. But a SAN/UCC certificate would be be better than an wildcard cert in that case. Or you could use the DNS SRV record method of publishing the autodiscover name and just get by with an inexpensive single-name SSL cert. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

All I asked the lady was what I needed to be able to use SSL on Exchange 2010 for TLS. She said that was the ONLY one that would work. Sounds like a gimmick to me. Thanks for the info. I'll get right on it.

Maybe you can know more about Exchange 2010 TLS certificates from this document: Understanding TLS Certificates http://technet.microsoft.com/en-us/library/aa998840.aspx When you try to configure POP3 to use TLS or SSL, please refer to this document: Configure POP3 to Use TLS or SSL http://technet.microsoft.com/en-us/library/aa997290.aspx Thanks, Evan Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Quotes from Dec 2010 for SAN cert with 6 subject names. Digi Cert would be $965 for 3yrs Go Daddy would be $420 for 3 yrs Wild card from Digi Cert is $1425 for 3 yrsJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com