RE: Certification Question

  • From: "Andrew English" <andrew@xxxxxxxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 7 Mar 2005 14:56:43 -0500

Look all I want to do is make a simple web page which I can force people
to login on that says:

Welcome....blah...blah...blah

Please click here to install CA on your machine so you can access our
SSL services. Note you will be prompted by several boxes asking if you
are sure that you want to install our cert. Simply say yes to each one
until you get an e message saying "cert successfully installed". 

Setting up your Outlook 2003... blah blah blah.. 

Done!

I ask a friend of mine who's internet coder to take a look at
certcarc.asp on the certserver to see if we can only use the part which
does the installation of the cert on ones computer; Unless of course
there is an easier way of doing without spending any money. :)

Andrew


-----Original Message-----
From: Rick Boza [mailto:rickb@xxxxxxxxxxxxxxx] 
Sent: Monday, March 07, 2005 2:36 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Certification Question

http://www.MSExchange.org/

When you put it that way  (install it in the trusted store on the local
machine without user intervention) suddenly it sounds like a big
security
issue.  This pretty much circumvents the whole trusted root CA thing
that
people have worked so hard to establish, and why you get prompted to
install, doesn't it?

There's a reason a publicly trusted Cert costs so much - the 'trusting'
part
and security derived therein.

The hoops folks have to jump through to make an internal CA trusted
often
seems to cost more than just buying the cert - just goes to show that
'cheapest' is often not really 'least expensive.'

I've said before you can add your root CA as a trusted root using a GPO
for
your client systems, but I suspect you mean your external (i.e.,
non-employee) clients - in which case 'forcing' a trusted root onto them
is
probably an issue.


On 3/7/05 2:28 PM, "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx> wrote:

> http://www.MSExchange.org/
> 
> Some background? 
> 
> Where do you want to install the cert?
> 
> Are you saying that this is a cert you created (that would be why the
logon
> to https://webserver/certsrv ) and you want to install it in the
trusted
> store on the local machine without user intervention?  Or something
else?
> 
> Al 
> 
> -----Original Message-----
> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, March 07, 2005 12:40 PM
> To: [ExchangeList]
> Subject: [exchangelist] Certification Question
> 
> http://www.MSExchange.org/
> 
> Does anyone know of away to build a page which will send a cert to a
client
> and give them instructions on how to setup outlook 2003 for RPC over
HTTP? I
> can do the instructions and security part I just need to know how I
would
> setup the "install CA" part without having them login into /certsrv
and
> complicate things. :)
> 
> Thanks
> Andrew
> 
> 
> ------------------------------------------------------
> List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org Windows
Security
> Resource Site: http://www.windowsecurity.com/ Network Security
Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List
as:
> al.mulnick@xxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List
as:
> rickb@xxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
andrew@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx


Other related posts: