[isalist] Re: Cert for OWA

  • From: "Andrew English" <andrew@xxxxxxxxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 19 May 2006 23:49:29 -0400

Uhm okay Jim so how to I tell ISA the following under one server publish
website rule?

 

https://www.autosoldnow.com/ssapp/asn.html goes to 192.168.1.10

https://www.autsoldnow.com/exchange goes to 192.168.1.2

 

Andrew

 

 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Friday, May 19, 2006 9:05 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Cert for OWA

 

http://www.ISAserver.org

-------------------------------------------------------

  

..so don't use the same listener for both sites.

C'mon, Andy - take a moment to think it through.

 

-----Original Message-----

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]

On Behalf Of Andrew English

Sent: Friday, May 19, 2006 4:38 PM

To: isalist@xxxxxxxxxxxxx

Subject: [isalist] Re: Cert for OWA

 

http://www.ISAserver.org

-------------------------------------------------------

  

 

The problem Jim is there web site doesn't use IIS it uses Jboss which is

a Java Application Server, normally Jboss sits on Tomcat but this time

around there isn't any Tomcat running so I am not sure what the script

kiddies have done. There is no Tomcat server running under services.msc,

there is no apache running anywhere, it all runs from one box.

 

The second box of course runs Exchange 2003 on top of AD which doesn't

want swing for me without telling me that the version of AD is not the

same as the other 2003 server even though I raised the domain and forest

levels to 2003. 

 

Andrew

 

 

-----Original Message-----

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]

On Behalf Of Jim Harrison

Sent: Friday, May 19, 2006 5:59 PM

To: isalist@xxxxxxxxxxxxx

Subject: [isalist] Re: Cert for OWA

 

http://www.ISAserver.org

-------------------------------------------------------

  

This is called "redirect to HTTPS" and is supported in IIS. 

You can even do it with ISA if you use the isa_redirects package I

built.

 

 

-------------------------------------------------------

   Jim Harrison

   MCP(NT4, W2K), A+, Network+, PCG

   http://isaserver.org/Jim_Harrison/

   http://isatools.org

   Read the help / books / articles!

-------------------------------------------------------

 

 

-----Original Message-----

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]

On Behalf Of Andrew English

Sent: Friday, May 19, 2006 15:08

To: isalist@xxxxxxxxxxxxx

Subject: [isalist] Re: Cert for OWA

 

http://www.ISAserver.org

-------------------------------------------------------

  

 

As for OWA we are in the process of buying a separate cert for that. As

before what was happening is the had their Linux box flipping the HTTP

to HTTPS for both the web and exchange site which both run on two

different LAN servers. Since the dealers themselves are too computer

illiterate to know what Internet Explorer is let alone where the Address

bar is located we had to keep the cert for the web site and flip to HTTP

so that portions of the site what stopped working when the cert was

originally installed can function normally again. 

 

Andrew

 

 

-----Original Message-----

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]

On Behalf Of Jim Harrison

Sent: Friday, May 19, 2006 5:47 PM

To: isalist@xxxxxxxxxxxxx

Subject: [isalist] Re: Cert for OWA

 

http://www.ISAserver.org

-------------------------------------------------------

  

..then the subject is irrelevant to the question?

"Cert for OWA" seems to indicate to the rest of us that this was about

OWA publishing. 

 

 

-------------------------------------------------------

   Jim Harrison

   MCP(NT4, W2K), A+, Network+, PCG

   http://isaserver.org/Jim_Harrison/

   http://isatools.org

   Read the help / books / articles!

-------------------------------------------------------

 

 

-----Original Message-----

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]

On Behalf Of Andrew English

Sent: Friday, May 19, 2006 14:49

To: isalist@xxxxxxxxxxxxx

Subject: [isalist] Re: Cert for OWA

 

Ah no.

 

 

 

The username and passwords are only contained within the site itself,

they are not associated to AD in anyway shape or form. So if someone

wants to see what dealerA has sold on the network be my guess, but

they're login name and password don't work where else but on the

website.  

 

 

 

Andrew

 

 

 

 

 

________________________________

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]

On Behalf Of Mark Morgan

Sent: Friday, May 19, 2006 5:18 PM

To: isalist@xxxxxxxxxxxxx

Subject: [isalist] Re: Cert for OWA

 

 

 

It really does not mater if there is not personal or confidential info

on the site, if you pass the user id and password via http the user

domain credentials can be compromised, which someone could then use to

login to VPN etc.

 

 

 

          -----Original Message-----

          From: isalist-bounce@xxxxxxxxxxxxx

[mailto:isalist-bounce@xxxxxxxxxxxxx]On Behalf Of Andrew English

          Sent: Friday, May 19, 2006 12:56 PM

          To: isalist@xxxxxxxxxxxxx

          Subject: RE: [isalist] Re: Cert for OWA

 

          Hi Gerald, 

 

           

 

          Thanks for the bit of information as it never crossed my mind

that without SSL installed usernames and passwords are sent in clear

text format. 

 

           

 

          Actually the site is more broken with the SSL enabled then it
is

without it. So I am not too worried as it changing to a different

front-end/back-end within the coming months which will switch back to

using SSL. It's more important if people can access the site correctly

now then to have them calling us everyday asking what's wrong, and yes

we are aware the trade off it has, but since the site doesn't contain

and personal or confidential information we are not too worried about. 

 

           

 

          Regards,

 

          Andrew

 

           

 

          

________________________________

 

 

          From: isalist-bounce@xxxxxxxxxxxxx on behalf of Young, Gerald
G

          Sent: Fri 19/05/2006 3:16 PM

          To: isalist@xxxxxxxxxxxxx

          Subject: [isalist] Re: Cert for OWA

 

          How are you connecting then?

 

           

 

          https:// is for SSL.

 

          http:// does not use SSL or the certificate you just
installed.

 

           

 

          I hope you're not planning on authenticating users over just
an

http connection: the username and password will be sent in clear text

that anyone can grab should they be listening.

 

          Cordially yours,

          Jerry G. Young II

            MCSE (4.0/W2K)

          Atlanta EES Implementation Team Lead

          ECNS Microsoft Engineering

          Unisys 

 

          11493 Sunset Hills Rd.

          Reston, VA 20190

          Office: 703-579-2727

          Cell: 703-625-1468 

 

          THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE

PROPRIETARY MATERIAL and is thus for use only by the intended recipient.

If you received this in error, please contact the sender and delete the

e-mail and its attachments from all computers. 

 

          

________________________________

 

 

          From: isalist-bounce@xxxxxxxxxxxxx

[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English

          Sent: Friday, May 19, 2006 3:08 PM

          To: isalist@xxxxxxxxxxxxx

          Subject: RE: [isalist] Re: Cert for OWA

 

           

 

          I figured it out.. After I exported the SSL cert to pfx on
IIS6

and imported it into ISA I was able to surf to the site, however I had

enabled SSL on the webpage and for some reason it was telling me I had

to https:// to the site which I was doing, as soon as I removed the

(required SSL) from the web site I was able to access it. Then I applied

the html I had to redirect the site back to http. (grin)

 

           

 

          Thanks for those who helped I really do appreciate it!

 

           

 

          Regards,

 

          Andrew

 

           

 

          --

          No virus found in this incoming message.

          Checked by AVG Free Edition.

          Version: 7.1.392 / Virus Database: 268.6.1/343 - Release Date:

5/18/2006

 

 

--

No virus found in this outgoing message.

Checked by AVG Free Edition.

Version: 7.1.392 / Virus Database: 268.6.1/343 - Release Date: 5/18/2006

 

 

 

All mail to and from this domain is GFI-scanned.

 

------------------------------------------------------

List Archives: //www.freelists.org/archives/isalist/

ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp

ISA Server Articles and Tutorials:

http://www.isaserver.org/articles_tutorials/

ISA Server Blogs: http://blogs.isaserver.org/

------------------------------------------------------

Visit TechGenix.com for more information about our other sites:

http://www.techgenix.com

------------------------------------------------------

To unsubscribe visit http://www.isaserver.org/pages/isalist.asp

Report abuse to listadmin@xxxxxxxxxxxxx 

 

------------------------------------------------------

List Archives: //www.freelists.org/archives/isalist/

ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp

ISA Server Articles and Tutorials:

http://www.isaserver.org/articles_tutorials/

ISA Server Blogs: http://blogs.isaserver.org/

------------------------------------------------------

Visit TechGenix.com for more information about our other sites:

http://www.techgenix.com

------------------------------------------------------

To unsubscribe visit http://www.isaserver.org/pages/isalist.asp

Report abuse to listadmin@xxxxxxxxxxxxx 

 

 

All mail to and from this domain is GFI-scanned.

 

------------------------------------------------------

List Archives: //www.freelists.org/archives/isalist/  

ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 

ISA Server Articles and Tutorials:

http://www.isaserver.org/articles_tutorials/ 

ISA Server Blogs: http://blogs.isaserver.org/ 

------------------------------------------------------

Visit TechGenix.com for more information about our other sites:

http://www.techgenix.com 

------------------------------------------------------

To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 

Report abuse to listadmin@xxxxxxxxxxxxx 

 

------------------------------------------------------

List Archives: //www.freelists.org/archives/isalist/  

ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 

ISA Server Articles and Tutorials:

http://www.isaserver.org/articles_tutorials/ 

ISA Server Blogs: http://blogs.isaserver.org/ 

------------------------------------------------------

Visit TechGenix.com for more information about our other sites:

http://www.techgenix.com 

------------------------------------------------------

To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 

Report abuse to listadmin@xxxxxxxxxxxxx 

 

 

All mail to and from this domain is GFI-scanned.

 

------------------------------------------------------

List Archives: //www.freelists.org/archives/isalist/  

ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 

ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 

ISA Server Blogs: http://blogs.isaserver.org/ 

------------------------------------------------------

Visit TechGenix.com for more information about our other sites:

http://www.techgenix.com 

------------------------------------------------------

To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 

Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 05-2006