[isalist] Re: Cert for OWA

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 20 May 2006 10:03:17 -0500

http://www.ISAserver.org
-------------------------------------------------------

You can use the same listener for many rules.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
> Sent: Saturday, May 20, 2006 10:05 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Cert for OWA
> 
> If I create the website publishing rule for the website, am I able to
> create a Mail server publishing rule for OWA using the same cert?
> 
> Andrew
> 
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Saturday, May 20, 2006 10:11 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Cert for OWA
> 
> I read somewhere that application layer inspection firewalls are actually
> able to take information in the application layer headers and data and
> make intelligent decisions based on that data. Yes, I remember now, I
> wrote a 1000+ book about it and the solution is in there. Go to the Web
> Publishing chapter. You'll solve all these SSL problems and the current
> one.
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx 
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
> > Sent: Saturday, May 20, 2006 9:13 AM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> > 
> > Yes, but if the request is for the following website,
> > www.autosoldnow.com, how does it know under the web server publishing
> > rule that anything with /exchange goes to serverA while anything with
> > /ssapp/asn.html goes to serverB?
> > 
> > Andrew
> > 
> > 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx 
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Jim Harrison
> > Sent: Saturday, May 20, 2006 2:06 AM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> > 
> > You
> > Don't
> > 
> > You create two separate rules, Andy. 
> > 
> > 
> > -------------------------------------------------------
> >    Jim Harrison
> >    MCP(NT4, W2K), A+, Network+, PCG
> >    http://isaserver.org/Jim_Harrison/
> >    http://isatools.org
> >    Read the help / books / articles!
> > -------------------------------------------------------
> >  
> > 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx 
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Andrew English
> > Sent: Friday, May 19, 2006 20:49
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> > 
> > Uhm okay Jim so how do I tell ISA the following under one server publish
> > website rule?
> >
> > https://www.autosoldnow.com/ssapp/asn.html goes to 192.168.1.10
> >
> > https://www.autsoldnow.com/exchange goes to 192.168.1.2
> >
> > Andrew
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx 
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Jim Harrison
> > Sent: Friday, May 19, 2006 9:05 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> > 
> > ..so don't use the same listener for both sites.
> > 
> > C'mon, Andy - take a moment to think it through.
> > 
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Andrew English
> > Sent: Friday, May 19, 2006 4:38 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> >
> > The problem Jim is their web site doesn't use IIS it uses Jboss which is
> > a Java Application Server, normally Jboss sits on Tomcat but this time
> > around there isn't any Tomcat running so I am not sure what the script
> > kiddies have done. There is no Tomcat server running under services.msc,
> > there is no apache running anywhere, it all runs from one box.
> >
> > The second box of course runs Exchange 2003 on top of AD which doesn't
> > want swing for me without telling me that the version of AD is not the
> > same as the other 2003 server even though I raised the domain and forest
> > levels to 2003.
> >
> > Andrew
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Jim Harrison
> > Sent: Friday, May 19, 2006 5:59 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> >
> > This is called "redirect to HTTPS" and is supported in IIS.
> > You can even do it with ISA if you use the isa_redirects package I
> > built.
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Andrew English
> > Sent: Friday, May 19, 2006 15:08
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> >
> > As for OWA we are in the process of buying a separate cert for that. As
> > before what was happening is they had their Linux box flipping the HTTP
> > to HTTPS for both the web and exchange site which both run on two
> > different LAN servers. Since the dealers themselves are too computer
> > illiterate to know what Internet Explorer is let alone where the Address
> > bar is located we had to keep the cert for the web site and flip to HTTP
> > so that portions of the site that stopped working when the cert was
> > originally installed can function normally again.
> >
> > Andrew
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Jim Harrison
> > Sent: Friday, May 19, 2006 5:47 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> >
> > ..then the subject is irrelevant to the question?
> > "Cert for OWA" seems to indicate to the rest of us that this was about
> > OWA publishing.
> >
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Andrew English
> > Sent: Friday, May 19, 2006 14:49
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> >
> > Ah no.
> >
> > The username and passwords are only contained within the site itself,
> > they are not associated to AD in any way, shape or form. So if someone
> > wants to see what dealerA has sold on the network be my guest, but
> > their login name and password don't work anywhere else but on the
> > website.
> >
> > Andrew
> >
> > ________________________________
> >
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Mark Morgan
> > Sent: Friday, May 19, 2006 5:18 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Cert for OWA
> >
> > It really does not matter if there is no personal or confidential info
> > on the site, if you pass the user id and password via http the user
> > domain credentials can be compromised, which someone could then use to
> > login to VPN etc.
> >
> >           -----Original Message-----
> >           From: isalist-bounce@xxxxxxxxxxxxx
> >           [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
> >           Sent: Friday, May 19, 2006 12:56 PM
> >           To: isalist@xxxxxxxxxxxxx
> >           Subject: RE: [isalist] Re: Cert for OWA
> >
> >           Hi Gerald,
> >
> >           Thanks for the bit of information as it never crossed my mind
> >           that without SSL installed usernames and passwords are sent in
> >           clear text format.
> >
> >           Actually the site is more broken with the SSL enabled than it
> >           is without it. So I am not too worried as it is changing to a
> >           different front-end/back-end within the coming months which
> >           will switch back to using SSL. It's more important if people
> >           can access the site correctly now than to have them calling us
> >           everyday asking what's wrong, and yes we are aware of the trade
> >           off it has, but since the site doesn't contain any personal or
> >           confidential information we are not too worried about.
> >
> >           Regards,
> >
> >           Andrew
> >
> > ________________________________
> >
> >           From: isalist-bounce@xxxxxxxxxxxxx on behalf of Young, Gerald G
> >           Sent: Fri 19/05/2006 3:16 PM
> >           To: isalist@xxxxxxxxxxxxx
> >           Subject: [isalist] Re: Cert for OWA
> >
> >           How are you connecting then?
> >
> >           https:// is for SSL.
> >
> >           http:// does not use SSL or the certificate you just installed.
> >
> >           I hope you're not planning on authenticating users over just an
> >           http connection: the username and password will be sent in
> >           clear text that anyone can grab should they be listening.
> >
> >           Cordially yours,
> >           Jerry G. Young II
> >             MCSE (4.0/W2K)
> >           Atlanta EES Implementation Team Lead
> >           ECNS Microsoft Engineering
> >           Unisys
> >
> >           11493 Sunset Hills Rd.
> >           Reston, VA 20190
> >           Office: 703-579-2727
> >           Cell: 703-625-1468
> >
> > ________________________________
> >
> >           From: isalist-bounce@xxxxxxxxxxxxx
> >           [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
> >           Sent: Friday, May 19, 2006 3:08 PM
> >           To: isalist@xxxxxxxxxxxxx
> >           Subject: RE: [isalist] Re: Cert for OWA
> >
> >           I figured it out.. After I exported the SSL cert to pfx on IIS6
> >           and imported it into ISA I was able to surf to the site,
> >           however I had enabled SSL on the webpage and for some reason it
> >           was telling me I had to https:// to the site which I was doing,
> >           as soon as I removed the (required SSL) from the web site I was
> >           able to access it. Then I applied the html I had to redirect
> >           the site back to http. (grin)
> >
> >           Thanks to those who helped I really do appreciate it!
> >
> >           Regards,
> >
> >           Andrew
> >
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
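
As an added illustration of the answer reached in this thread (one SSL listener and certificate, separate publishing rules selected by path), here is a simplified Python model of ordered rule matching. It is not ISA Server code or configuration and is not from any poster: the class and function names, the rule names and the `/*` path patterns are assumptions made for the example, while the host name and back-end addresses are the ones quoted in the thread.

```python
import posixpath
from dataclasses import dataclass
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

@dataclass(frozen=True)
class Listener:
    name: str
    port: int
    cert_name: str  # name on the certificate bound to this listener

@dataclass(frozen=True)
class Rule:
    name: str
    listener: Listener
    public_name: str  # host name the rule answers for
    paths: tuple      # "/x/*" covers /x and everything below it
    backend: str      # internal server the request is forwarded to

def normalize(path):
    """Collapse '.' and '..' segments and lower-case the path before matching."""
    return posixpath.normpath(path or "/").lower()

def path_matches(pattern, path):
    pattern = pattern.lower()
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        # Segment boundary check: /exchange/* must not match /exchangefoo.
        return path == prefix or path.startswith(prefix + "/")
    return path == pattern

def route(rules, url):
    """Return (rule name, backend) of the first matching rule, or None (deny)."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    host = (parts.hostname or "").lower()
    path = normalize(parts.path)
    for rule in rules:  # evaluated in order, first match wins
        if (port == rule.listener.port
                and host == rule.public_name.lower()
                and any(path_matches(p, path) for p in rule.paths)):
            return rule.name, rule.backend
    return None  # no rule matched: the request is not forwarded anywhere

def cert_mismatches(rules):
    """Rules whose public name differs from the listener certificate name."""
    return [r.name for r in rules
            if r.public_name.lower() != r.listener.cert_name.lower()]

# Constructed sample configuration: one SSL listener shared by two rules.
SSL = Listener("SSL listener", 443, "www.autosoldnow.com")
RULES = [
    Rule("OWA", SSL, "www.autosoldnow.com", ("/exchange/*",), "192.168.1.2"),
    Rule("Dealer site", SSL, "www.autosoldnow.com", ("/ssapp/*",), "192.168.1.10"),
]

if __name__ == "__main__":
    for url in ("https://www.autosoldnow.com/ssapp/asn.html",
                "https://www.autosoldnow.com/exchange",
                "https://www.autosoldnow.com/exchangefoo",
                "http://www.autosoldnow.com/exchange"):
        print(url, "->", route(RULES, url))
```

Both rules share the listener and its certificate because they answer for the same public name; only the path decides which internal server receives the request, and anything that matches no rule is denied.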
