Configuration Options for Exchange Server SSL Certificates
Before, organizations are able to choose whether to use SSL Certificates or not when publishing to their external client access. This was when everyone was still using Exchange 2003. But today, when an SSL Certificate in not an option but a necessity, you should be able to determine the best configuration options for Exchange Server SSL Certificates so that you will be able to successfully craft a deployment system that will enable you to reap great benefits.
Three Configuration Options for Exchange SSL Certificates
There are three kinds of Exchange Server SSL configuration options: pass-through, bridging and offload.
- SSL Pass-Through Configuration Option
Pass-through is one of the configuration options for Exchange Server SSL Certificates that you can choose. This is the simplest method that does not intercept with the sessions of SSL Certificates on a network device before reaching the client access server role.
Exchange servers with only a few connections are often using this kind of configuration option. This configuration option also comes in two variations: the type that no reverse proxy or load-balancing is used and the type that uses both – reverse proxy and the load-balancing.
- SSL Offload Configuration Option
The second of the three types of configuration options for Exchange Server SSL Certificates is the offload option. This system enables the connection to the proxy device to be delivered directly, which means that the SSL is decrypted. This makes the proxy to have full access on the connection, making it able to pre-authenticate the session. The session to the Exchange Server is then on a non-SSL protocol session.
This is useful because it enables the security system to inspect the stream between the proxy and the Exchange Server but it is also disadvantageous because the connection can be inspected and intercepted by entities that have malicious intents.
This is also one of the configuration options for Exchange Server SSL Certificates that requires too much configuration because the disabling of the SSL Certificates must be done manually on the protocols that the admin desires.
- SSL Bridging Configuration Option
SSL Bridging is the third on the three configuration options for Exchange Server SSL Certificates. This is almost the same as the second configuration option, which is the offload option. The connection of the client to the proxy is still decrypted and the security system is also able to inspect the connection. The only difference between the two is that the proxy is using an SSL-enabled protocol when it is connecting with the Exchange Server.
This kind of option also enables the Exchange Server and the proxy to have different hostnames and certificates. Thus, it enables the proxy to have a public domain name and SSL Certificate while the Exchange Server can have an internal or private name and certificates.
The only inconvenience of this third option of the three configuration options for Exchange Server SSL Certificates is that the system will not be able to inspect the traffic once it leaves the proxy because bridging enables the encryption of the network stream.
