[isalist] Re: Cert for OWA
- From: "Andrew English" <andrew@xxxxxxxxxxxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Fri, 19 May 2006 18:00:17 -0400
Steve,
Thank you for your input however everything is under control even the
industry I have chosen to belong to.
Andrew
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Steve Moffat
Sent: Friday, May 19, 2006 5:05 PM
To: ISA Mailing List
Subject: [isalist] Re: Cert for OWA
Andrew
You are doing your client a disservice in removing the ssl capability of
their website. Have you explained to them the pitfalls of only using
http, especially if confidential information is being passed. Would
submitting the bids not be deemed confidential?
Perhaps, as you don't seem to have any success in anything that you
attempt for your clients, it is time to reconsider the industry that you
have chosen to belong to.
Steve
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Andrew English
Sent: Friday, May 19, 2006 4:56 PM
To: ISA Mailing List
Subject: RE: [isalist] Re: Cert for OWA
Hi Gerald,
Thanks for the bit of information as it never crossed my mind that
without SSL installed usernames and passwords are sent in clear text
format.
Actually the site is more broken with the SSL enabled then it is without
it. So I am not too worried as it changing to a different
front-end/back-end within the coming months which will switch back to
using SSL. It's more important if people can access the site correctly
now then to have them calling us everyday asking what's wrong, and yes
we are aware the trade off it has, but since the site doesn't contain
and personal or confidential information we are not too worried about.
Regards,
Andrew
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Young, Gerald G
Sent: Fri 19/05/2006 3:16 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Cert for OWA
How are you connecting then?
https:// is for SSL.
http:// does not use SSL or the certificate you just installed.
I hope you're not planning on authenticating users over just an http
connection: the username and password will be sent in clear text that
anyone can grab should they be listening.
Cordially yours,
Jerry G. Young II
MCSE (4.0/W2K)
Atlanta EES Implementation Team Lead
ECNS Microsoft Engineering
Unisys
11493 Sunset Hills Rd.
Reston, VA 20190
Office: 703-579-2727
Cell: 703-625-1468
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Andrew English
Sent: Friday, May 19, 2006 3:08 PM
To: isalist@xxxxxxxxxxxxx
Subject: RE: [isalist] Re: Cert for OWA
I figured it out.. After I exported the SSL cert to pfx on IIS6 and
imported it into ISA I was able to surf to the site, however I had
enabled SSL on the webpage and for some reason it was telling me I had
to https:// to the site which I was doing, as soon as I removed the
(required SSL) from the web site I was able to access it. Then I applied
the html I had to redirect the site back to http. (grin)
Thanks for those who helped I really do appreciate it!
Regards,
Andrew
Other related posts:
