RE: Certification Question

  • From: Rick Boza <rickb@xxxxxxxxxxxxxxx>
  • To: Exchange List <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 07 Mar 2005 14:36:05 -0500

When you put it that way (install it in the trusted store on the local
machine without user intervention) suddenly it sounds like a big security
issue.  This pretty much circumvents the whole trusted root CA thing that
people have worked so hard to establish, and why you get prompted to
install, doesn't it?

There's a reason a publicly trusted Cert costs so much - the 'trusting' part
and security derived therein.

The hoops folks have to jump through to make an internal CA trusted often
seem to cost more than just buying the cert - just goes to show that
'cheapest' is often not really 'least expensive.'

I've said before you can add your root CA as a trusted root using a GPO for
your client systems, but I suspect you mean your external (i.e.,
non-employee) clients - in which case 'forcing' a trusted root onto them is
probably an issue.


On 3/7/05 2:28 PM, "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx> wrote:

> http://www.MSExchange.org/
> 
> Some background? 
> 
> Where do you want to install the cert?
> 
> Are you saying that this is a cert you created (that would be why the logon
> to https://webserver/certsrv ) and you want to install it in the trusted
> store on the local machine without user intervention?  Or something else?
> 
> Al 
> 
> -----Original Message-----
> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, March 07, 2005 12:40 PM
> To: [ExchangeList]
> Subject: [exchangelist] Certification Question
> 
> Does anyone know of a way to build a page which will send a cert to a client
> and give them instructions on how to set up Outlook 2003 for RPC over HTTP? I
> can do the instructions and security part; I just need to know how I would
> set up the "install CA" part without having them log in to /certsrv and
> complicate things. :)
> 
> Thanks
> Andrew
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> al.mulnick@xxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
> 
