Hi Rick,

Agreed. Or, go for a whole day's work and spring for a wildcard cert :)

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

-----Original Message-----
From: Rick Boza [mailto:rickb@xxxxxxxxxxxxxxx]
Sent: Tuesday, March 08, 2005 6:41 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Certification Question

http://www.MSExchange.org/

Or, if you want to provide ISP (or ASP) services to customers, but you don't trust them to hit /certserv, a better solution is to use a cert from a publicly trusted root. This is exactly what they are there for - you've already spent as much in labor as you ever would on the cert - they're only $150 US from Entrust. That's an hour's work (or more, depending on your rates).

Between this, and all the challenges you've had getting RPC/HTTPS working - all would have been fixed by this, and you would move on to selling that service to the ten other clients you need to absorb the cost.

On 3/8/05 7:09 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> wrote:

> http://www.MSExchange.org/
>
> Why not just distribute the CA certificate as a file and provide
> instructions for installing it. Can probably be done from the command
> line too, so it could be scriptable.
>
>
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
> -----Original Message-----
> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, March 07, 2005 10:44 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
>
> http://www.MSExchange.org/
>
> Both.
>
> I am bothering with certificates because I also do a lot of
> troubleshooting for people and find that if you really want to confuse
> them set them up on POP3 and SMTP.
> Btw most ISPs block incoming SMTP requests from the outside which is
> another reason I want to stick with RPC over HTTP; clients on the run
> will be able to plug their machines in just about anywhere and get
> connected to their email without having to worry about reconfiguring
> their SMTP server. It's always best to keep it stupid simple. :)
>
> I use it for both in house and ISP.
>
> Andrew
>
>
> -----Original Message-----
> From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx]
> Sent: Monday, March 07, 2005 9:52 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
>
> http://www.MSExchange.org/
>
> Andrew,
> You haven't answered my question.
> Are you using Exchange as an ISP mail server? Or as a corporate email
> server or both. If you are trying to provide service for non-corporate
> users, why are you bothering with RPC over HTTP and certificates?
>
>
> Regards,
>
> Raj
>
>
> -----Original Message-----
> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, March 07, 2005 5:25 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
>
> http://www.MSExchange.org/
>
> Al,
>
> Uhm...
>
> The current way OWA with SSL works is when you go to
> https://owa.smoothrunnings.ca/exchanage you will be prompted to accept
> the cert.
>
> Once you accept the cert you then see the OWA login page. You login and
> you're done.
>
> okay got it?
>
> RPC over HTTP does not prompt the user to accept the cert, it assumes
> the user has installed the cert into their computer, i.e. in Certificates
> for the local computer -> Certificates -> Personal
>
> If you go to your certs machine and type: http://IP/certsrv and login
> and choose "download a CA certificate....blah...blah..." and then click
> on "Install this CA..blah blah" on the next page the CA will be
> installed on the machine you are using to access certsrv.
>
> Thus when you go to owa.sitename.com/exchange which you just installed
> the cert for you will NOT be prompted for the cert. Thus when you use
> RPC over HTTP you WILL connect to the exchange server.
>
> I simply don't want users to have access to /certsrv, I would rather
> create or use part of the certcarc.asp code (which installs the cert on
> your machine) to create a new page which users who are currently using
> my email services can access to install the cert on their personal
> computers.
>
> I am just trying to figure out if there is an easier way to go about it,
> since I don't want to waste my friend's time in dismantling Microsoft's
> ASP code! :)
>
> Andrew
>
> -----Original Message-----
> From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
> Sent: Monday, March 07, 2005 4:40 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
>
> http://www.MSExchange.org/
>
> Ok. So you want them to get the cert and install it in the store, a la
> the way that you get prompted for an untrusted cert on an IIS page in
> IE, only not prompt them for it correct? Basically handle the warnings
> etc in another way than a popup else let the popup occur in your process
> (in other words, let the user browse to the secure site that tells them
> how to set this up and have them insert it in the trusted store or offer
> a script that does this for them (I opt for the previous: letting them
> see the cert popup, and telling them to accept it and install the cert
> vs. automating it. For many reasons including technical and security
> reasons).
>
>
> I think there are all kinds of issues with doing this, such as the user
> has to be able to write to the trusted store etc. However, I believe
> this is the concept you're looking for:
>
> http://support.microsoft.com/kb/297681
>
>
> Let me know if I missed the concept totally.
>
> al
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> raj.periyasamy@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
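
The scripted install Tom suggests in the thread (distribute the CA certificate as a file and install it from the command line), sketched in PowerShell as an added example that is not code from any poster. It assumes the certificate is meant for the Trusted Root store and that the provider publishes the certificate's thumbprint out of band; the file name and thumbprint below are placeholders.

```powershell
# Added example, not from the thread. File name and thumbprint are placeholders.
param(
    [string]$CertPath           = '.\private-root-ca.cer',   # hypothetical file name
    [string]$ExpectedThumbprint = '<THUMBPRINT-PUBLISHED-OUT-OF-BAND>'
)

function Test-RootCaFile {
    param([string]$Path, [string]$Expected)

    $full = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full
    $problems = @()

    # 1. The thumbprint (SHA-1 of the DER encoding) must match the value the
    #    provider published separately from the file itself.
    $want = ($Expected -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($cert.Thumbprint -ne $want) { $problems += "thumbprint mismatch: $($cert.Thumbprint)" }

    # 2. A root is self-issued and marked as a CA (basicConstraints, OID 2.5.29.19).
    if ($cert.Subject -ne $cert.Issuer) { $problems += 'not self-issued (not a root)' }
    $bc = $cert.Extensions['2.5.29.19']
    if (-not ($bc -and $bc.CertificateAuthority)) { $problems += 'basicConstraints CA flag not set' }

    # 3. The certificate must be inside its validity window.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { $problems += 'outside validity period' }

    [pscustomobject]@{ Path = $full; Subject = $cert.Subject; Problems = $problems }
}

$result = Test-RootCaFile -Path $CertPath -Expected $ExpectedThumbprint
if ($result.Problems.Count -gt 0) {
    # Fail closed: nothing is added to the trust store unless every check passed.
    Write-Error ("Refusing to trust {0}: {1}" -f $result.Path, ($result.Problems -join '; '))
    exit 1
}

# Requires an elevated session; use Cert:\CurrentUser\Root for a per-user install.
Import-Certificate -FilePath $result.Path -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Write-Output "Installed $($result.Subject) into LocalMachine\Root"
```

Checking the thumbprint before the import is what keeps a swapped or tampered file from becoming a trusted root on the client.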