Al, Uhm... The current way OWA with SSL works is when you go to https://owa.smoothrunnings.ca/exchanage you will be prompted to accept the cert. Once you accept the cert you then see the OWA login page. You login and your done.. okay got it? RPC over HTTP does not prompt the user to accept the cert, it assumes the user has installed the cert into their computer.. ie in Certificates for the local computer -> Certificates -> Personal If you go to your certs machine and type: http://IP/certsrv and login and choose "download a CA certificate....blah...blah..." and then click on "Install this CA..blah blah" on the next page the CA will be installed on the machine you are using to access certsrv. Thus when you go to owa.sitename.com/exchange which you just installed the cert for you will NOT be prompted for the cert. Thus when you use RPC over HTTP you WILL connect to the exchange server. I simply don't want users to have access to /certsrv, I would rather create or used part of the certcarc.asp code (which installs the cert on your machine) to create a new page which users who are currently using my email services can access to install the cert on their personal computers. I am just trying to figure out if there is a easier way to go about it, since I don't want to waste my friends time in dismantling Microsoft's ASP code! :) Andrew -----Original Message----- From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] Sent: Monday, March 07, 2005 4:40 PM To: [ExchangeList] Subject: [exchangelist] RE: Certification Question http://www.MSExchange.org/ Ok. So you want them to get the cert and install it in the store, a la the way that you get prompted for an untrusted cert on an IIS page in IE, only not prompt them for it correct? Basically handle the warnings etc in another way than a popup else let the popup occur in your process (in other words, let the user browse to the secure site that tells them how to set this up and have them insert it in the trusted store or offer a script that does this for them (I opt for the previous: letting them see the cert popup, and telling them to accept it and install the cert vs. automating it. For many reasons including technical and security reasons). I think there are all kinds of issues with doing this, such as the user has to be able to write to the trusted store etc. However, I believe this is the concept you're looking for: http://support.microsoft.com/kb/297681 Let me know if I missed the concept totally. al -----Original Message----- From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] Sent: Monday, March 07, 2005 3:56 PM To: [ExchangeList] Subject: [exchangelist] RE: Certification Question http://www.MSExchange.org/ Al, I am not looking to bypass the whole logon and get a cert installed. I want it so my clients can install the cert on their machines; some may have use notebooks when they are on the go and use their home computers when they are back from being on the go, while others may just want to use their home computers. I just want to make it available for them to install it on whatever machine they choose, the last thing I want them doing is installing the cert on some internet café machine, or a another persons or company machine that doesn't belong to them, in the case when using OWA with SSL. The other issue with automating certs is that RPC over HTTP does not prompt a user for verification of the cert, it automatically assumes the user has the cert already installed and if it doesn't they simply do not get access to their email... period. Andrew -----Original Message----- From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] Sent: Monday, March 07, 2005 3:35 PM To: [ExchangeList] Subject: [exchangelist] RE: Certification Question http://www.MSExchange.org/ Sounds like you're saying exactly what I wrote. You want to bypass the whole logon and get a cert installed on the local machine step by automating it so you can avoid using a trusted cert from a third-party vendor. What am I missing with that? -----Original Message----- From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] Sent: Monday, March 07, 2005 2:51 PM To: [ExchangeList] Subject: [exchangelist] RE: Certification Question http://www.MSExchange.org/ No I am not saying that. I am saying, if I want to get some joe access to RPC over HTTP over the net for $10 per month say, I want to be able to easily get him to install the cert on his local machine which sits in his house or office and setup his outlook 2k3 so he can RPC over HTTP into my box and get his email. Andrew -----Original Message----- From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] Sent: Monday, March 07, 2005 2:28 PM To: [ExchangeList] Subject: [exchangelist] RE: Certification Question http://www.MSExchange.org/ Some background? Where do you want to install the cert? Are you saying that this is a cert you created (that would be why the logon to https://webserver/certsrv ) and you want to install it in the trusted store on the local machine without user intervention? Or something else? Al -----Original Message----- From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] Sent: Monday, March 07, 2005 12:40 PM To: [ExchangeList] Subject: [exchangelist] Certification Question http://www.MSExchange.org/ Does anyone know of away to build a page which will send a cert to a client and give them instructions on how to setup outlook 2003 for RPC over HTTP? I can do the instructions and security part I just need to know how I would setup the "install CA" part without having them login into /certsrv and complicate things. :) Thanks Andrew ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: al.mulnick@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: andrew@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: al.mulnick@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: andrew@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: al.mulnick@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: andrew@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx