RE: Certification Question

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 8 Mar 2005 08:55:14 -0600

http://www.microsoft.com/serviceproviders/hostedmessaging/hosted_exchange.asp


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Michael B. Smith [mailto:michael@xxxxxxxxxx] 
Sent: Tuesday, March 08, 2005 8:44 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Certification Question

http://www.MSExchange.org/

You said: RPC over HTTP is meant for corporate use, not for ISP use. 

That's not true.

One of the primary reasons for RPC/HTTP was for xSPs to offer hosted
Exchange.

Hosted Exchange includes an Outlook 2003 license.

I've written an idiot-proof configuration document, and I know I'm not
the only one, for configuring Outlook for Hosted Exchange. Microsoft
also makes available a tool that generates a hosted Exchange profile.
It's less confusing than configuring POP.

-----Original Message-----
From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx] 
Sent: Tuesday, March 08, 2005 9:34 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Certification Question

http://www.MSExchange.org/

Andrew,
I am getting a fair idea of your setup. I assume you are a fairly small
shop. If I were you, I would definitely go with POP3 for external users.
If you go for RPC over HTTP, every client needs to have Office 2003 or
at least Outlook 2003. Are they willing to spend on that? If you use
POP3 they can use any email client like Outlook Express. You don't have
to spend on certificates, and support. It is a real time killer. RPC
over HTTP is meant for corporate use, not for ISP use. Does your ISP
allow incoming POP3 and SMTP connections? All ISPs allow outgoing POP3
and SMTP connections, so the only problem is you have to make sure you
can receive incoming connections. If not, you can even run POP3 and SMTP
on a different port. Trust me on this one, it is less confusing to an
end user to configure POP3/SMTP rather than RPC over HTTP and
certificates.  


Regards,

Raj


-----Original Message-----
From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, March 08, 2005 9:17 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Certification Question

http://www.MSExchange.org/

Rick, 

$150 a year is too much for this mom and pop ISP if you want to call it
that. :)

Andrew


-----Original Message-----
From: Rick Boza [mailto:rickb@xxxxxxxxxxxxxxx]
Sent: Tuesday, March 08, 2005 7:41 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Certification Question

http://www.MSExchange.org/

Or, if you want to provide ISP (or ASP) services to customers, but you
don't trust them to hit /certserv, a better solution is to use a cert
from a publicly trusted root.

This is exactly what they are there for - you've already spent as much
in labor as you ever would on the cert - they're only $150 US from
Entrust.

That's an hour's work (or more, depending on your rates).  Between this,
and all the challenges you've had getting RPC/HTTPS working - all would
have been fixed by this, and you would move on to selling that service
to the ten other clients you need to absorb the cost.


On 3/8/05 7:09 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> wrote:

> http://www.MSExchange.org/
> 
> Why not just distribute the CA certificate as a file and provide
> instructions for installing it? Can probably be done from the command
> line too, so it could be scriptable.
> 
> 
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
> 
> -----Original Message-----
> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, March 07, 2005 10:44 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
> 
> http://www.MSExchange.org/
> 
> Both. 
> 
> I am bothering with certificates because I also do a lot of
> troubleshooting for people and find that if you really want to confuse
> them, set them up on POP3 and SMTP. Btw, most ISPs block incoming SMTP
> requests from the outside, which is another reason I want to stick with
> RPC over HTTP; clients on the run will be able to plug their machines in
> just about anywhere and get connected to their email without having to
> worry about reconfiguring their SMTP server. It's always best to keep it
> stupid simple. :)
> 
> I use it for both in house and ISP.
> 
> Andrew
> 
> 
> -----Original Message-----
> From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx]
> Sent: Monday, March 07, 2005 9:52 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
> 
> http://www.MSExchange.org/
> 
> Andrew,
> You haven't answered my question.
> Are you using Exchange as an ISP mail server? Or as a corporate email
> server or both? If you are trying to provide service for non-corporate
> users, why are you bothering with RPC over HTTP and certificates?
> 
> 
> Regards,
> 
> Raj
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, March 07, 2005 5:25 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
> 
> http://www.MSExchange.org/
> 
> Al,
> 
> Uhm...
> 
> The current way OWA with SSL works is when you go to
> https://owa.smoothrunnings.ca/exchanage you will be prompted to accept
> the cert.
>
> Once you accept the cert you then see the OWA login page. You login and
> you're done.
>
> okay got it?
>
> RPC over HTTP does not prompt the user to accept the cert, it assumes
> the user has installed the cert into their computer, i.e. in Certificates
> for the local computer -> Certificates -> Personal
>
> If you go to your certs machine and type: http://IP/certsrv and login
> and choose "download a CA certificate....blah...blah..." and then click
> on "Install this CA..blah blah" on the next page the CA will be
> installed on the machine you are using to access certsrv.
>
> Thus when you go to owa.sitename.com/exchange which you just installed
> the cert for you will NOT be prompted for the cert. Thus when you use
> RPC over HTTP you WILL connect to the exchange server.
>
> I simply don't want users to have access to /certsrv, I would rather
> create or use part of the certcarc.asp code (which installs the cert on
> your machine) to create a new page which users who are currently using
> my email services can access to install the cert on their personal
> computers.
>
> I am just trying to figure out if there is an easier way to go about it,
> since I don't want to waste my friends time in dismantling Microsoft's
> ASP code! :)
> 
> Andrew
> 
> -----Original Message-----
> From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
> Sent: Monday, March 07, 2005 4:40 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
> 
> http://www.MSExchange.org/
> 
> Ok.  So you want them to get the cert and install it in the store, a la
> the way that you get prompted for an untrusted cert on an IIS page in
> IE, only not prompt them for it correct? Basically handle the warnings
> etc in another way than a popup else let the popup occur in your process
> (in other words, let the user browse to the secure site that tells them
> how to set this up and have them insert it in the trusted store or offer
> a script that does this for them (I opt for the previous: letting them
> see the cert popup, and telling them to accept it and install the cert
> vs. automating it.  For many reasons including technical and security
> reasons).
>
>
> I think there are all kinds of issues with doing this, such as the user
> has to be able to write to the trusted store etc.  However, I believe
> this is the concept you're looking for:
> 
> http://support.microsoft.com/kb/297681
> 
> 
> Let me know if I missed the concept totally.
> 
> al
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> raj.periyasamy@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
> 
> 

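The scripted CA-certificate install suggested in the thread above, with a fingerprint check before the certificate is trusted, as an added PowerShell example that is not from any of the posters. The file name, the placeholder thumbprint and the choice of the machine's Trusted Root Certification Authorities store are assumptions.

```powershell
# Added example: verify a privately issued CA certificate, then trust it.
# $ExpectedSha256 is a placeholder. The real value must reach the user over a
# separate channel (phone, printed letter), not alongside the .cer file.
param(
    [string]$Path = '.\mail-ca.cer',   # hypothetical file name
    [string]$ExpectedSha256 = '<SHA-256 THUMBPRINT PUBLISHED OUT OF BAND>'
)

$ErrorActionPreference = 'Stop'
$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $Path).Path

# 1. The file must be exactly the certificate the provider published.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''
$expected = ($ExpectedSha256 -replace '[\s:]', '').ToUpperInvariant()
if ($actual -ne $expected) {
    throw "Thumbprint mismatch (file has $actual). Certificate NOT installed."
}

# 2. It must actually be a CA certificate and be inside its validity period.
$bc = $cert.Extensions | Where-Object { $_ -is [type]"$x509.X509BasicConstraintsExtension" }
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw 'Not a CA certificate (basic constraints missing or CA=false).'
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 3. Add it to the machine-wide Trusted Root store (needs an elevated prompt,
#    which is the write-access issue raised in the thread).
$store = New-Object "$x509.X509Store" -ArgumentList 'Root', 'LocalMachine'
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try { $store.Add($cert) } finally { $store.Close() }

Write-Output "Installed '$($cert.Subject)' (SHA-256 $actual) into LocalMachine\Root."
```

Trusting a root this way lets that CA vouch for any site on the machine, which is why the thumbprint comparison comes before the store is touched.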
