RE: Certification Question

• From: "Andrew English" <andrew@xxxxxxxxxxxxxxxxxxxxxx>
• To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
• Date: Mon, 7 Mar 2005 17:25:25 -0500

Al, 

Uhm...

The current way OWA with SSL works is when you go to
https://owa.smoothrunnings.ca/exchanage you will be prompted to accept
the cert. 

Once you accept the cert you then see the OWA login page. You login and
your done..

okay got it?

RPC over HTTP does not prompt the user to accept the cert, it assumes
the user has installed the cert into their computer.. ie in Certificates
for the local computer -> Certificates -> Personal

If you go to your certs machine and type: http://IP/certsrv and login
and choose "download a CA certificate....blah...blah..." and then click
on "Install this CA..blah blah" on the next page the CA will be
installed on the machine you are using to access certsrv. 

Thus when you go to owa.sitename.com/exchange which you just installed
the cert for you will NOT be prompted for the cert. Thus when you use
RPC over HTTP you WILL connect to the exchange server.

I simply don't want users to have access to /certsrv, I would rather
create or used part of the certcarc.asp code (which installs the cert on
your machine) to create a new page which users who are currently using
my email services can access to install the cert on their personal
computers.

I am just trying to figure out if there is a easier way to go about it,
since I don't want to waste my friends time in dismantling Microsoft's
ASP code! :)

Andrew

-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] 
Sent: Monday, March 07, 2005 4:40 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Certification Question

http://www.MSExchange.org/

Ok.  So you want them to get the cert and install it in the store, a la
the
way that you get prompted for an untrusted cert on an IIS page in IE,
only
not prompt them for it correct? Basically handle the warnings etc in
another
way than a popup else let the popup occur in your process (in other
words,
let the user browse to the secure site that tells them how to set this
up
and have them insert it in the trusted store or offer a script that does
this for them (I opt for the previous: letting them see the cert popup,
and
telling them to accept it and install the cert vs. automating it.  For
many
reasons including technical and security reasons).


I think there are all kinds of issues with doing this, such as the user
has
to be able to write to the trusted store etc.  However, I believe this
is
the concept you're looking for:

http://support.microsoft.com/kb/297681


Let me know if I missed the concept totally.

al 

Other related posts:

• » Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question
• » RE: Certification Question

1. Home
2. exchangelist
3. Archive
4. 03-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---