RE: Certification Question

  • From: Rick Boza <rickb@xxxxxxxxxxxxxxx>
  • To: Exchange List <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 08 Mar 2005 10:17:42 -0500

If that's true, you're either not charging enough, or you're in the wrong
business.  

On a business operations note, if you can't squeeze out $150, stop mucking
around with RPC/HTTPS and go sell something!



On 3/8/05 9:16 AM, "Andrew English" <andrew@xxxxxxxxxxxxxxxxxxxxxx> wrote:

> http://www.MSExchange.org/
> 
> Rick, 
> 
> $150 a year is too much for this mom and pop ISP if you want to call it
> that. :)
> 
> Andrew
> 
> 
> -----Original Message-----
> From: Rick Boza [mailto:rickb@xxxxxxxxxxxxxxx]
> Sent: Tuesday, March 08, 2005 7:41 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
> 
> http://www.MSExchange.org/
> 
> Or, if you want to provide ISP (or ASP) services to customers, but you
> don't
> trust them to hit /certserv, a better solution is to use a cert from a
> publicly trusted root.
> 
> This is exactly what they are there for - you've already spent as much
> in
> labor as you ever would on the cert - they're only $150 US from Entrust.
> 
> That's an hour's work (or more, depending on your rates).  Between this,
> and
> all the challenges you've had getting RPC/HTTPS working - all would have
> been fixed by this, and you would move on to selling that service to the
> ten
> other clients you need to absorb the cost.
> 
> 
> On 3/8/05 7:09 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> wrote:
> 
>> http://www.MSExchange.org/
>> 
>> Why not just distribute the CA certifiate as a file and provide
>> instructions for installing it. Can probably be done from the command
>> line too, so it could be scriptable.
>> 
>> 
>> Tom
>> www.isaserver.org/shinder
>> Tom and Deb Shinder's Configuring ISA Server 2004
>> http://tinyurl.com/3xqb7
>> MVP -- ISA Firewalls
>> 
>> 
>> -----Original Message-----
>> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
>> Sent: Monday, March 07, 2005 10:44 PM
>> To: [ExchangeList]
>> Subject: [exchangelist] RE: Certification Question
>> 
>> http://www.MSExchange.org/
>> 
>> Both. 
>> 
>> I am bothering with certificates because I also do a lot of trouble
>> shooting for people and find that if you really want to confuse them
> set
>> them up on POP3 and SMTP. Btw most ISP's block incoming SMTP request
>> from the outside which another reason I want to stick with RPC over
>> HTTP; clients on the run will be able to plug their machines in just
>> about anywhere and get connect to their email without having to worry
>> about reconfiguring their SMTP server. It's always best to keep it
>> stupid simple. :)
>> 
>> I use it for both in house and ISP.
>> 
>> Andrew
>> 
>> 
>> -----Original Message-----
>> From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx]
>> Sent: Monday, March 07, 2005 9:52 PM
>> To: [ExchangeList]
>> Subject: [exchangelist] RE: Certification Question
>> 
>> http://www.MSExchange.org/
>> 
>> Andrew,
>> You haven't answered my question.
>> Are you using Exchange as a ISP mail server ? Or as a corporate email
>> server or both. If you are trying to provide service for non-corporate
>> users, why are you bothering with RPC over HTTP and certificates?
>> 
>> 
>> Regards,
>> 
>> Raj
>> 
>> 
>> 
>> 
>> 
>> -----Original Message-----
>> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
>> Sent: Monday, March 07, 2005 5:25 PM
>> To: [ExchangeList]
>> Subject: [exchangelist] RE: Certification Question
>> 
>> http://www.MSExchange.org/
>> 
>> Al, 
>> 
>> Uhm...
>> 
>> The current way OWA with SSL works is when you go to
>> https://owa.smoothrunnings.ca/exchanage you will be prompted to accept
>> the cert. 
>> 
>> Once you accept the cert you then see the OWA login page. You login
> and
>> your done..
>> 
>> okay got it?
>> 
>> RPC over HTTP does not prompt the user to accept the cert, it assumes
>> the user has installed the cert into their computer.. ie in
> Certificates
>> for the local computer -> Certificates -> Personal
>> 
>> If you go to your certs machine and type: http://IP/certsrv and login
>> and choose "download a CA certificate....blah...blah..." and then
> click
>> on "Install this CA..blah blah" on the next page the CA will be
>> installed on the machine you are using to access certsrv.
>> 
>> Thus when you go to owa.sitename.com/exchange which you just installed
>> the cert for you will NOT be prompted for the cert. Thus when you use
>> RPC over HTTP you WILL connect to the exchange server.
>> 
>> I simply don't want users to have access to /certsrv, I would rather
>> create or used part of the certcarc.asp code (which installs the cert
> on
>> your machine) to create a new page which users who are currently using
>> my email services can access to install the cert on their personal
>> computers.
>> 
>> I am just trying to figure out if there is a easier way to go about
> it,
>> since I don't want to waste my friends time in dismantling Microsoft's
>> ASP code! :)
>> 
>> Andrew
>> 
>> -----Original Message-----
>> From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
>> Sent: Monday, March 07, 2005 4:40 PM
>> To: [ExchangeList]
>> Subject: [exchangelist] RE: Certification Question
>> 
>> http://www.MSExchange.org/
>> 
>> Ok.  So you want them to get the cert and install it in the store, a
> la
>> the way that you get prompted for an untrusted cert on an IIS page in
>> IE, only not prompt them for it correct? Basically handle the warnings
>> etc in another way than a popup else let the popup occur in your
> process
>> (in other words, let the user browse to the secure site that tells
> them
>> how to set this up and have them insert it in the trusted store or
> offer
>> a script that does this for them (I opt for the previous: letting them
>> see the cert popup, and telling them to accept it and install the cert
>> vs. automating it.  For many reasons including technical and security
>> reasons).
>> 
>> 
>> I think there are all kinds of issues with doing this, such as the
> user
>> has to be able to write to the trusted store etc.  However, I believe
>> this is the concept you're looking for:
>> 
>> http://support.microsoft.com/kb/297681
>> 
>> 
>> Let me know if I missed the concept totally.
>> 
>> al 
>> 
>> ------------------------------------------------------
>> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Other Internet Software Marketing Sites:
>> World of Windows Networking: http://www.windowsnetworking.com Leading
>> Network Software Directory: http://www.serverfiles.com
>> No.1 ISA Server Resource Site: http://www.isaserver.org Windows
> Security
>> Resource Site: http://www.windowsecurity.com/ Network Security
> Library:
>> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
>> http://www.ntfaxfaq.com
>> ------------------------------------------------------
>> You are currently subscribed to this MSEXchange.org Discussion List
> as:
>> raj.periyasamy@xxxxxxxxxxxx To unsubscribe visit
>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Report abuse to listadmin@xxxxxxxxxxxxxx
>> 
>> 
>> ------------------------------------------------------
>> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Other Internet Software Marketing Sites:
>> World of Windows Networking: http://www.windowsnetworking.com
>> Leading Network Software Directory: http://www.serverfiles.com
>> No.1 ISA Server Resource Site: http://www.isaserver.org
>> Windows Security Resource Site: http://www.windowsecurity.com/
>> Network Security Library: http://www.secinf.net/
>> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>> ------------------------------------------------------
>> You are currently subscribed to this MSEXchange.org Discussion List
> as:
>> andrew@xxxxxxxxxxxxxxxxxxxxxx
>> To unsubscribe visit
>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Report abuse to listadmin@xxxxxxxxxxxxxx
>> 
>> ------------------------------------------------------
>> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Other Internet Software Marketing Sites:
>> World of Windows Networking: http://www.windowsnetworking.com
>> Leading Network Software Directory: http://www.serverfiles.com
>> No.1 ISA Server Resource Site: http://www.isaserver.org
>> Windows Security Resource Site: http://www.windowsecurity.com/
>> Network Security Library: http://www.secinf.net/
>> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>> ------------------------------------------------------
>> You are currently subscribed to this MSEXchange.org Discussion List
> as:
>> tshinder@xxxxxxxxxxx
>> To unsubscribe visit
>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Report abuse to listadmin@xxxxxxxxxxxxxx
>> 
>> 
>> 
>> ------------------------------------------------------
>> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Other Internet Software Marketing Sites:
>> World of Windows Networking: http://www.windowsnetworking.com
>> Leading Network Software Directory: http://www.serverfiles.com
>> No.1 ISA Server Resource Site: http://www.isaserver.org
>> Windows Security Resource Site: http://www.windowsecurity.com/
>> Network Security Library: http://www.secinf.net/
>> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>> ------------------------------------------------------
>> You are currently subscribed to this MSEXchange.org Discussion List
> as:
>> rickb@xxxxxxxxxxxxxxx
>> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Report abuse to listadmin@xxxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> andrew@xxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> rickb@xxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx



Other related posts: