RE: Certification Question

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 8 Mar 2005 07:24:41 -0600

Hi Rick,

Agreed. Or, go for a whole day's work and spring for a wildcard cert :)


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Rick Boza [mailto:rickb@xxxxxxxxxxxxxxx] 
Sent: Tuesday, March 08, 2005 6:41 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Certification Question

http://www.MSExchange.org/

Or, if you want to provide ISP (or ASP) services to customers, but you don't
trust them to hit /certserv, a better solution is to use a cert from a
publicly trusted root.

This is exactly what they are there for - you've already spent as much in
labor as you ever would on the cert - they're only $150 US from Entrust.

That's an hour's work (or more, depending on your rates).  Between this, and
all the challenges you've had getting RPC/HTTPS working - all would have
been fixed by this, and you would move on to selling that service to the ten
other clients you need to absorb the cost.


On 3/8/05 7:09 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> wrote:

> Why not just distribute the CA certificate as a file and provide
> instructions for installing it? Can probably be done from the command
> line too, so it could be scriptable.
> 
> 
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
> 
> -----Original Message-----
> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, March 07, 2005 10:44 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
> 
> Both. 
> 
> I am bothering with certificates because I also do a lot of
> troubleshooting for people and find that if you really want to confuse
> them, set them up on POP3 and SMTP. Btw most ISPs block incoming SMTP
> requests from the outside, which is another reason I want to stick with
> RPC over HTTP; clients on the run will be able to plug their machines in
> just about anywhere and get connected to their email without having to
> worry about reconfiguring their SMTP server. It's always best to keep it
> stupid simple. :)
> 
> I use it for both in house and ISP.
> 
> Andrew
> 
> 
> -----Original Message-----
> From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx]
> Sent: Monday, March 07, 2005 9:52 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
> 
> Andrew,
> You haven't answered my question.
> Are you using Exchange as an ISP mail server? Or as a corporate email
> server, or both? If you are trying to provide service for non-corporate
> users, why are you bothering with RPC over HTTP and certificates?
> 
> 
> Regards,
> 
> Raj
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, March 07, 2005 5:25 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
> 
> Al, 
> 
> Uhm...
> 
> The current way OWA with SSL works is when you go to
> https://owa.smoothrunnings.ca/exchanage you will be prompted to accept
> the cert.
> 
> Once you accept the cert you then see the OWA login page. You log in and
> you're done.
> 
> okay got it?
> 
> RPC over HTTP does not prompt the user to accept the cert, it assumes
> the user has installed the cert into their computer, i.e. in Certificates
> for the local computer -> Certificates -> Personal
> 
> If you go to your certs machine and type: http://IP/certsrv and login
> and choose "download a CA certificate....blah...blah..." and then click
> on "Install this CA..blah blah" on the next page, the CA will be
> installed on the machine you are using to access certsrv.
> 
> Thus when you go to owa.sitename.com/exchange which you just installed
> the cert for you will NOT be prompted for the cert. Thus when you use
> RPC over HTTP you WILL connect to the exchange server.
> 
> I simply don't want users to have access to /certsrv, I would rather
> create or use part of the certcarc.asp code (which installs the cert on
> your machine) to create a new page which users who are currently using
> my email services can access to install the cert on their personal
> computers.
> 
> I am just trying to figure out if there is an easier way to go about it,
> since I don't want to waste my friend's time in dismantling Microsoft's
> ASP code! :)
> 
> Andrew
> 
> -----Original Message-----
> From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
> Sent: Monday, March 07, 2005 4:40 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
> 
> Ok.  So you want them to get the cert and install it in the store, a la
> the way that you get prompted for an untrusted cert on an IIS page in
> IE, only not prompt them for it, correct? Basically handle the warnings
> etc. in another way than a popup, else let the popup occur in your process
> (in other words, let the user browse to the secure site that tells them
> how to set this up and have them insert it in the trusted store or offer
> a script that does this for them (I opt for the previous: letting them
> see the cert popup, and telling them to accept it and install the cert
> vs. automating it.  For many reasons including technical and security
> reasons)).
> 
> 
> I think there are all kinds of issues with doing this, such as the user
> has to be able to write to the trusted store etc.  However, I believe
> this is the concept you're looking for:
> 
> http://support.microsoft.com/kb/297681
> 
> 
> Let me know if I missed the concept totally.
> 
> al 
> 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
tshinder@xxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
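
Added example, not part of the original thread or any poster's code: the scripted CA install suggested in the thread, written so the file is trusted only if its SHA-256 fingerprint matches a value the provider published out of band. The function name, file name and fingerprint placeholder are hypothetical; Import-Certificate assumes the PKI module shipped with Windows 8 / Server 2012 or later.

```powershell
# Added example (hypothetical names): pin the CA fingerprint before trusting the file.
function Install-PinnedRootCa {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Path,            # CA certificate file (.cer)
        [Parameter(Mandatory = $true)][string]$ExpectedSha256,  # fingerprint obtained out of band
        [string]$StoreLocation = 'Cert:\CurrentUser\Root'       # LocalMachine\Root needs admin rights
    )

    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

    # SHA-256 over the DER encoding of the certificate, as upper-case hex.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $actual = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
    } finally {
        $sha.Dispose()
    }

    # Accept fingerprints written with colons or spaces; reject anything that is not 32 bytes.
    $expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($expected.Length -ne 64) { throw 'ExpectedSha256 must be a 64-digit hex SHA-256 fingerprint.' }
    if ($actual -ne $expected)   { throw "Fingerprint mismatch: file has $actual. Nothing was installed." }

    # Only a self-signed certificate marked as a CA belongs in the root store.
    # (Assumption: the private CA issues its root with a basicConstraints extension.)
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    if (-not $bc -or -not $bc.CertificateAuthority) { throw 'Certificate is not marked as a CA.' }
    if ($cert.Subject -ne $cert.Issuer)             { throw 'Certificate is not a self-signed root.' }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    if ($PSCmdlet.ShouldProcess($StoreLocation, "Trust root CA '$($cert.Subject)'")) {
        Import-Certificate -FilePath $fullPath -CertStoreLocation $StoreLocation
    }
}

# Dry run with placeholder values (both are hypothetical):
# Install-PinnedRootCa -Path .\example-root-ca.cer -ExpectedSha256 '<SHA-256 published out of band>' -WhatIf
```

The fingerprint has to reach the user over a different channel than the certificate file itself, otherwise the check proves nothing about where the file came from.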



