Why don't you just get a certificate from a source such as Verisign. A trusted source by Windows OS, end user don't have to do anything. Regards, Raj -----Original Message----- From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] Sent: Monday, March 07, 2005 2:57 PM To: [ExchangeList] Subject: [exchangelist] RE: Certification Question http://www.MSExchange.org/ Look all I want to do is make a simple web page which I can force people to login on that says: Welcome....blah...blah...blah Please click here to install CA on your machine so you can access our SSL services. Note you will be prompted by several boxes asking if you are sure that you want to install our cert. Simply say yes to each one until you get an e message saying "cert successfully installed". Setting up your Outlook 2003... blah blah blah.. Done! I ask a friend of mine who's internet coder to take a look at certcarc.asp on the certserver to see if we can only use the part which does the installation of the cert on ones computer; Unless of course there is an easier way of doing without spending any money. :) Andrew -----Original Message----- From: Rick Boza [mailto:rickb@xxxxxxxxxxxxxxx] Sent: Monday, March 07, 2005 2:36 PM To: [ExchangeList] Subject: [exchangelist] RE: Certification Question http://www.MSExchange.org/ When you put it that way (install it in the trusted store on the local machine without user intervention) suddenly it sounds like a big security issue. This pretty much circumvents the whole trusted root CA thing that people have worked so hard to establish, and why you get prompted to install, doesn't it? There's a reason a publicly trusted Cert costs so much - the 'trusting' part and security derived therein. The hoops folks have to jump through to make an internal CA trusted often seems to cost more than just buying the cert - just goes to show that 'cheapest' is often not really 'least expensive.' I've said before you can add your root CA as a trusted root using a GPO for your client systems, but I suspect you mean your external (i.e., non-employee) clients - in which case 'forcing' a trusted root onto them is probably an issue. On 3/7/05 2:28 PM, "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx> wrote: > http://www.MSExchange.org/ > > Some background? > > Where do you want to install the cert? > > Are you saying that this is a cert you created (that would be why the logon > to https://webserver/certsrv ) and you want to install it in the trusted > store on the local machine without user intervention? Or something else? > > Al > > -----Original Message----- > From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] > Sent: Monday, March 07, 2005 12:40 PM > To: [ExchangeList] > Subject: [exchangelist] Certification Question > > http://www.MSExchange.org/ > > Does anyone know of away to build a page which will send a cert to a client > and give them instructions on how to setup outlook 2003 for RPC over HTTP? I > can do the instructions and security part I just need to know how I would > setup the "install CA" part without having them login into /certsrv and > complicate things. :) > > Thanks > Andrew > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com Leading > Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security > Resource Site: http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org Discussion List as: > al.mulnick@xxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org Discussion List as: > rickb@xxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: andrew@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: raj.periyasamy@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx