[isalist] Re: Cert for OWA
- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 22 May 2006 11:17:41 -0700
http://www.ISAserver.org
-------------------------------------------------------
Three shall be the number of the counting, and the number of the counting
shall be "three."
t
On 5/22/06 7:21 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
> http://www.ISAserver.org
> -------------------------------------------------------
>
> I see your cornfussion.
>
> You don't bind the listener to separate paths; you use the same listener
> for two separate rules that use the pat to distinguish between web
> sites.
> Also, you can't associate web listeners with anything but web publishing
> rules. Thus, the access rule idea is right out.
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Young, Gerald G
> Sent: Monday, May 22, 2006 7:05 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Cert for OWA
>
> This has been an interesting thread to follow. My head is still
> spinning.
>
>
>
> For the time being, I'll leave the binding same listener to two
> different paths alone; that's a bit confusing for me still. ;)
>
>
>
> Andy, here is what I would do in your case. You essentially have two
> sites. One for static content - from the sounds of it - and one for
> OWA. Rather than trying to tie the same www.domain.com to two different
> paths I'd make it a bit simpler. For your static content, I'd use
> www.domain.com. For your OWA content, I'd use something like
> webmail.domain.com. This would end up with two separate access rules.
> If you wanted only one cert to be used for both, you could get a
> wildcard cert for *.domain.com, tie that to a single listener that is
> then used by both access rules.
>
>
>
> Just my $.02 but I hope this might help you.
>
> Cordially yours,
> Jerry G. Young II
> MCSE (4.0/W2K)
> Atlanta EES Implementation Team Lead
> ECNS Microsoft Engineering
> Unisys
>
> 11493 Sunset Hills Rd.
> Reston, VA 20190
> Office: 703-579-2727
> Cell: 703-625-1468
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.
>
> ________________________________
>
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Andrew English
> Sent: Saturday, May 20, 2006 12:58 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Cert for OWA
>
>
>
> LOL
>
>
>
> Mail Server Publishing Wizard creates a rule in your firewall Polices
> right? Sure you need to use the wizard to create the rule, but in the
> end it's a rule not a wizard.
>
>
>
> Is it possible to publish a web server using a cert for www.domain.com
> for www.domain.com/sitefolder/index.html to LAN IP 192.168.1.1 while
> using the "Mail Server Publishing Wizard" to create the OWA rule to
> publish OWA via SSL www.domain.com for www.domain.com/exchange on LAN IP
> 192.168.1.2 ??
>
>
>
> Andrew
>
>
>
>
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Saturday, May 20, 2006 12:44 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Cert for OWA
>
>
>
> http://www.ISAserver.org
>
> -------------------------------------------------------
>
>
>
> THIS IS NO SUCH THING AS A MAIL SERVER PUBLISHING RULE. GOT IT???????
>
>
>
> If the question is "can I created two Web Publishing Rules" the answer
>
> is yes.
>
>
>
> Thomas W Shinder, M.D.
>
> Site: www.isaserver.org
>
> Blog: http://blogs.isaserver.org/shinder/
>
> Book: http://tinyurl.com/3xqb7
>
> MVP -- ISA Firewalls
>
>
>
>
>
>
>
>> -----Original Message-----
>
>> From: isalist-bounce@xxxxxxxxxxxxx
>
>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
>
>> Sent: Saturday, May 20, 2006 11:47 AM
>
>> To: isalist@xxxxxxxxxxxxx
>
>> Subject: [isalist] Re: Cert for OWA
>
>>
>
>> http://www.ISAserver.org
>
>> -------------------------------------------------------
>
>>
>
>> Okay smart ass.
>
>>
>
>> It is possible to publish a web site on https on www.domain.com at the
>
>> same time publish OWA using the mail server publishing rule
>
>> on the same
>
>> cert, yet both machines on the LAN are in different places?
>
>>
>
>> Andrew
>
>>
>
>>
>
>> -----Original Message-----
>
>> From: isalist-bounce@xxxxxxxxxxxxx
>
>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>
>> On Behalf Of Thomas W Shinder
>
>> Sent: Saturday, May 20, 2006 12:32 PM
>
>> To: isalist@xxxxxxxxxxxxx
>
>> Subject: [isalist] Re: Cert for OWA
>
>>
>
>> http://www.ISAserver.org
>
>> -------------------------------------------------------
>
>>
>
>> What do you mean by "publishing a mail server"?
>
>>
>
>> It's a meaningless phrase, like "open a port".
>
>>
>
>> Thomas W Shinder, M.D.
>
>> Site: www.isaserver.org
>
>> Blog: http://blogs.isaserver.org/shinder/
>
>> Book: http://tinyurl.com/3xqb7
>
>> MVP -- ISA Firewalls
>
>>
>
>>
>
>>
>
>>> -----Original Message-----
>
>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
>
>>> Sent: Saturday, May 20, 2006 11:17 AM
>
>>> To: isalist@xxxxxxxxxxxxx
>
>>> Subject: [isalist] Re: Cert for OWA
>
>>>
>
>>> http://www.ISAserver.org
>
>>> -------------------------------------------------------
>
>>>
>
>>> Your very good at twisting things around aren't you Tom
>
>> when you know
>
>>> very well the point I was getting across in the first place.
>
>>> So are you
>
>>> saying that I can publish the web server and mail server on
>
>>> the same URL
>
>>> and Cert?
>
>>>
>
>>> Andrew
>
>>>
>
>>>
>
>>> -----Original Message-----
>
>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>
>>> On Behalf Of Thomas W Shinder
>
>>> Sent: Saturday, May 20, 2006 11:58 AM
>
>>> To: isalist@xxxxxxxxxxxxx
>
>>> Subject: [isalist] Re: Cert for OWA
>
>>>
>
>>> http://www.ISAserver.org
>
>>> -------------------------------------------------------
>
>>>
>
>>> For inbound connections, there are only Web Publishing Rules
>
>>> and Server
>
>>> Publishing Rules
>
>>>
>
>>> There is no "mail server publishing rule" although there
>
>>> might be a Mail
>
>>> Server Publishing Wizard.
>
>>>
>
>>> Thomas W Shinder, M.D.
>
>>> Site: www.isaserver.org
>
>>> Blog: http://blogs.isaserver.org/shinder/
>
>>> Book: http://tinyurl.com/3xqb7
>
>>> MVP -- ISA Firewalls
>
>>>
>
>>>
>
>>>
>
>>>> -----Original Message-----
>
>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
>
>>>> Sent: Saturday, May 20, 2006 10:55 AM
>
>>>> To: isalist@xxxxxxxxxxxxx
>
>>>> Subject: [isalist] Re: Cert for OWA
>
>>>>
>
>>>> http://www.ISAserver.org
>
>>>> -------------------------------------------------------
>
>>>>
>
>>>>
>
>>>> The OWA site is a mail publishing rule. It use have FBA. The
>
>>>> other site
>
>>>> I agree is not a mail publishing rule thus would require the
>
>>>> web server
>
>>>> publishing rule but can both be run off the same URL,
>
>>>> different servers
>
>>>> with different paths?
>
>>>>
>
>>>> Andrew
>
>>>>
>
>>>>
>
>>>> -----Original Message-----
>
>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>
>>>> On Behalf Of Jim Harrison
>
>>>> Sent: Saturday, May 20, 2006 11:31 AM
>
>>>> To: isalist@xxxxxxxxxxxxx
>
>>>> Subject: [isalist] Re: Cert for OWA
>
>>>>
>
>>>> http://www.ISAserver.org
>
>>>> -------------------------------------------------------
>
>>>>
>
>>>> Must using different path in each rule.
>
>>>> Don't use the mail server publishing rule for non-mail websites.
>
>>>> Create a new rule and specify only the app pat in that rule.
>
>>>>
>
>>>> -----Original Message-----
>
>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>
>>>> On Behalf Of Andrew English
>
>>>> Sent: Saturday, May 20, 2006 8:05 AM
>
>>>> To: isalist@xxxxxxxxxxxxx
>
>>>> Subject: [isalist] Re: Cert for OWA
>
>>>>
>
>>>> http://www.ISAserver.org
>
>>>> -------------------------------------------------------
>
>>>>
>
>>>> If I create the website publishing rule for the website, am
>
>>> I able to
>
>>>> create an Mail server publishing rule for OWA using the same cert?
>
>>>>
>
>>>> Andrew
>
>>>>
>
>>>>
>
>>>> -----Original Message-----
>
>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>
>>>> On Behalf Of Thomas W Shinder
>
>>>> Sent: Saturday, May 20, 2006 10:11 AM
>
>>>> To: isalist@xxxxxxxxxxxxx
>
>>>> Subject: [isalist] Re: Cert for OWA
>
>>>>
>
>>>> http://www.ISAserver.org
>
>>>> -------------------------------------------------------
>
>>>>
>
>>>> I read someone that application layer inspection firewalls
>
>>>> are actually
>
>>>> able to take information in the application layer headers
>
>>> and data and
>
>>>> make intelligent decisions based on that data. Yes, I
>
>>> remember now, I
>
>>>> wrote a 1000+ book about it and the solution is in there. Go
>
>>>> to the Web
>
>>>> Publishing chapter. You'll solve all these SSL problems and
>
>>>> the current
>
>>>> one.
>
>>>>
>
>>>> Thomas W Shinder, M.D.
>
>>>> Site: www.isaserver.org
>
>>>> Blog: http://blogs.isaserver.org/shinder/
>
>>>> Book: http://tinyurl.com/3xqb7
>
>>>> MVP -- ISA Firewalls
>
>>>>
>
>>>>
>
>>>>
>
>>>>> -----Original Message-----
>
>>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
>
>> Andrew English
>
>>>>> Sent: Saturday, May 20, 2006 9:13 AM
>
>>>>> To: isalist@xxxxxxxxxxxxx
>
>>>>> Subject: [isalist] Re: Cert for OWA
>
>>>>>
>
>>>>> http://www.ISAserver.org
>
>>>>> -------------------------------------------------------
>
>>>>>
>
>>>>> Yes but if the request is for the following website is
>
>>>>> www.autosoldnow.com how does it know under the web server
>
>>> publishing
>
>>>>> rule that anything with /exchange goes to serverA while
>
>>>> anything with
>
>>>>> /ssapp/asn.html goes to serverB?
>
>>>>>
>
>>>>> Andrew
>
>>>>>
>
>>>>>
>
>>>>> -----Original Message-----
>
>>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>
>>>>> On Behalf Of Jim Harrison
>
>>>>> Sent: Saturday, May 20, 2006 2:06 AM
>
>>>>> To: isalist@xxxxxxxxxxxxx
>
>>>>> Subject: [isalist] Re: Cert for OWA
>
>>>>>
>
>>>>> http://www.ISAserver.org
>
>>>>> -------------------------------------------------------
>
>>>>>
>
>>>>> You
>
>>>>> Don't
>
>>>>>
>
>>>>> You create two separate rules, Andy.
>
>>>>>
>
>>>>>
>
>>>>> -------------------------------------------------------
>
>>>>> Jim Harrison
>
>>>>> MCP(NT4, W2K), A+, Network+, PCG
>
>>>>> http://isaserver.org/Jim_Harrison/
>
>>>>> http://isatools.org
>
>>>>> Read the help / books / articles!
>
>>>>> -------------------------------------------------------
>
>>>>>
>
>>>>>
>
>>>>> -----Original Message-----
>
>>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>
>>>>> On Behalf Of Andrew English
>
>>>>> Sent: Friday, May 19, 2006 20:49
>
>>>>> To: isalist@xxxxxxxxxxxxx
>
>>>>> Subject: [isalist] Re: Cert for OWA
>
>>>>>
>
>>>>> Uhm okay Jim so how to I tell ISA the following under one
>
>>>>> server publish
>
>>>>> website rule?
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> https://www.autosoldnow.com/ssapp/asn.html goes to 192.168.1.10
>
>>>>>
>
>>>>> https://www.autsoldnow.com/exchange goes to 192.168.1.2
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> Andrew
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> -----Original Message-----
>
>>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>
>>>>> On Behalf Of Jim Harrison
>
>>>>> Sent: Friday, May 19, 2006 9:05 PM
>
>>>>> To: isalist@xxxxxxxxxxxxx
>
>>>>> Subject: [isalist] Re: Cert for OWA
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> http://www.ISAserver.org
>
>>>>>
>
>>>>> -------------------------------------------------------
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> ..so don't use the same listener for both sites.
>
>>>>>
>
>>>>> C'mon, Andy - take a moment to think it through.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> -----Original Message-----
>
>>>>>
>
>>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>
>>>>>
>
>>>>> On Behalf Of Andrew English
>
>>>>>
>
>>>>> Sent: Friday, May 19, 2006 4:38 PM
>
>>>>>
>
>>>>> To: isalist@xxxxxxxxxxxxx
>
>>>>>
>
>>>>> Subject: [isalist] Re: Cert for OWA
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> http://www.ISAserver.org
>
>>>>>
>
>>>>> -------------------------------------------------------
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> The problem Jim is there web site doesn't use IIS it uses
>
>>>>> Jboss which is
>
>>>>>
>
>>>>> a Java Application Server, normally Jboss sits on Tomcat
>
>>>> but this time
>
>>>>>
>
>>>>> around there isn't any Tomcat running so I am not sure what
>
>>>> the script
>
>>>>>
>
>>>>> kiddies have done. There is no Tomcat server running under
>
>>>>> services.msc,
>
>>>>>
>
>>>>> there is no apache running anywhere, it all runs from one box.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> The second box of course runs Exchange 2003 on top of AD
>
>>>> which doesn't
>
>>>>>
>
>>>>> want swing for me without telling me that the version of AD
>
>>>> is not the
>
>>>>>
>
>>>>> same as the other 2003 server even though I raised the domain
>
>>>>> and forest
>
>>>>>
>
>>>>> levels to 2003.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> Andrew
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> -----Original Message-----
>
>>>>>
>
>>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>
>>>>>
>
>>>>> On Behalf Of Jim Harrison
>
>>>>>
>
>>>>> Sent: Friday, May 19, 2006 5:59 PM
>
>>>>>
>
>>>>> To: isalist@xxxxxxxxxxxxx
>
>>>>>
>
>>>>> Subject: [isalist] Re: Cert for OWA
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> http://www.ISAserver.org
>
>>>>>
>
>>>>> -------------------------------------------------------
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> This is called "redirect to HTTPS" and is supported in IIS.
>
>>>>>
>
>>>>> You can even do it with ISA if you use the
>
>> isa_redirects package I
>
>>>>>
>
>>>>> built.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> -------------------------------------------------------
>
>>>>>
>
>>>>> Jim Harrison
>
>>>>>
>
>>>>> MCP(NT4, W2K), A+, Network+, PCG
>
>>>>>
>
>>>>> http://isaserver.org/Jim_Harrison/
>
>>>>>
>
>>>>> http://isatools.org
>
>>>>>
>
>>>>> Read the help / books / articles!
>
>>>>>
>
>>>>> -------------------------------------------------------
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> -----Original Message-----
>
>>>>>
>
>>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>
>>>>>
>
>>>>> On Behalf Of Andrew English
>
>>>>>
>
>>>>> Sent: Friday, May 19, 2006 15:08
>
>>>>>
>
>>>>> To: isalist@xxxxxxxxxxxxx
>
>>>>>
>
>>>>> Subject: [isalist] Re: Cert for OWA
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> http://www.ISAserver.org
>
>>>>>
>
>>>>> -------------------------------------------------------
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> As for OWA we are in the process of buying a separate cert
>
>>>>> for that. As
>
>>>>>
>
>>>>> before what was happening is the had their Linux box
>
>>>> flipping the HTTP
>
>>>>>
>
>>>>> to HTTPS for both the web and exchange site which both
>
>> run on two
>
>>>>>
>
>>>>> different LAN servers. Since the dealers themselves are
>
>>> too computer
>
>>>>>
>
>>>>> illiterate to know what Internet Explorer is let alone where
>
>>>>> the Address
>
>>>>>
>
>>>>> bar is located we had to keep the cert for the web site and
>
>>>>> flip to HTTP
>
>>>>>
>
>>>>> so that portions of the site what stopped working when
>
>>> the cert was
>
>>>>>
>
>>>>> originally installed can function normally again.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> Andrew
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> -----Original Message-----
>
>>>>>
>
>>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>
>>>>>
>
>>>>> On Behalf Of Jim Harrison
>
>>>>>
>
>>>>> Sent: Friday, May 19, 2006 5:47 PM
>
>>>>>
>
>>>>> To: isalist@xxxxxxxxxxxxx
>
>>>>>
>
>>>>> Subject: [isalist] Re: Cert for OWA
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> http://www.ISAserver.org
>
>>>>>
>
>>>>> -------------------------------------------------------
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> ..then the subject is irrelevant to the question?
>
>>>>>
>
>>>>> "Cert for OWA" seems to indicate to the rest of us that
>
>>>> this was about
>
>>>>>
>
>>>>> OWA publishing.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> -------------------------------------------------------
>
>>>>>
>
>>>>> Jim Harrison
>
>>>>>
>
>>>>> MCP(NT4, W2K), A+, Network+, PCG
>
>>>>>
>
>>>>> http://isaserver.org/Jim_Harrison/
>
>>>>>
>
>>>>> http://isatools.org
>
>>>>>
>
>>>>> Read the help / books / articles!
>
>>>>>
>
>>>>> -------------------------------------------------------
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> -----Original Message-----
>
>>>>>
>
>>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>
>>>>>
>
>>>>> On Behalf Of Andrew English
>
>>>>>
>
>>>>> Sent: Friday, May 19, 2006 14:49
>
>>>>>
>
>>>>> To: isalist@xxxxxxxxxxxxx
>
>>>>>
>
>>>>> Subject: [isalist] Re: Cert for OWA
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> Ah no.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> The username and passwords are only contained within the
>
>>>> site itself,
>
>>>>>
>
>>>>> they are not associated to AD in anyway shape or form. So
>
>>> if someone
>
>>>>>
>
>>>>> wants to see what dealerA has sold on the network be my
>
>> guess, but
>
>>>>>
>
>>>>> they're login name and password don't work where else but on the
>
>>>>>
>
>>>>> website.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> Andrew
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> ________________________________
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>
>>>>>
>
>>>>> On Behalf Of Mark Morgan
>
>>>>>
>
>>>>> Sent: Friday, May 19, 2006 5:18 PM
>
>>>>>
>
>>>>> To: isalist@xxxxxxxxxxxxx
>
>>>>>
>
>>>>> Subject: [isalist] Re: Cert for OWA
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> It really does not mater if there is not personal or
>
>>>> confidential info
>
>>>>>
>
>>>>> on the site, if you pass the user id and password via
>
>>> http the user
>
>>>>>
>
>>>>> domain credentials can be compromised, which someone could
>
>>>> then use to
>
>>>>>
>
>>>>> login to VPN etc.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> -----Original Message-----
>
>>>>>
>
>>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>>>
>
>>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]On Behalf Of Andrew English
>
>>>>>
>
>>>>> Sent: Friday, May 19, 2006 12:56 PM
>
>>>>>
>
>>>>> To: isalist@xxxxxxxxxxxxx
>
>>>>>
>
>>>>> Subject: RE: [isalist] Re: Cert for OWA
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> Hi Gerald,
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> Thanks for the bit of information as it never
>
>>>>> crossed my mind
>
>>>>>
>
>>>>> that without SSL installed usernames and passwords are
>
>>> sent in clear
>
>>>>>
>
>>>>> text format.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> Actually the site is more broken with the SSL
>
>>>>> enabled then it
>
>>>>> is
>
>>>>>
>
>>>>> without it. So I am not too worried as it changing to a
>
>> different
>
>>>>>
>
>>>>> front-end/back-end within the coming months which will
>
>>>> switch back to
>
>>>>>
>
>>>>> using SSL. It's more important if people can access the
>
>>>> site correctly
>
>>>>>
>
>>>>> now then to have them calling us everyday asking what's
>
>>>> wrong, and yes
>
>>>>>
>
>>>>> we are aware the trade off it has, but since the site
>
>>>> doesn't contain
>
>>>>>
>
>>>>> and personal or confidential information we are not too
>
>>>>> worried about.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> Regards,
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> Andrew
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> ________________________________
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> From: isalist-bounce@xxxxxxxxxxxxx on behalf of
>
>>>>> Young, Gerald
>
>>>>> G
>
>>>>>
>
>>>>> Sent: Fri 19/05/2006 3:16 PM
>
>>>>>
>
>>>>> To: isalist@xxxxxxxxxxxxx
>
>>>>>
>
>>>>> Subject: [isalist] Re: Cert for OWA
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> How are you connecting then?
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> https:// is for SSL.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> http:// does not use SSL or the certificate you just
>
>>>>> installed.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> I hope you're not planning on authenticating
>
>>>> users over just
>
>>>>> an
>
>>>>>
>
>>>>> http connection: the username and password will be sent in
>
>>>> clear text
>
>>>>>
>
>>>>> that anyone can grab should they be listening.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> Cordially yours,
>
>>>>>
>
>>>>> Jerry G. Young II
>
>>>>>
>
>>>>> MCSE (4.0/W2K)
>
>>>>>
>
>>>>> Atlanta EES Implementation Team Lead
>
>>>>>
>
>>>>> ECNS Microsoft Engineering
>
>>>>>
>
>>>>> Unisys
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> 11493 Sunset Hills Rd.
>
>>>>>
>
>>>>> Reston, VA 20190
>
>>>>>
>
>>>>> Office: 703-579-2727
>
>>>>>
>
>>>>> Cell: 703-625-1468
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL
>
>>>> AND/OR OTHERWISE
>
>>>>>
>
>>>>> PROPRIETARY MATERIAL and is thus for use only by the intended
>
>>>>> recipient.
>
>>>>>
>
>>>>> If you received this in error, please contact the sender and
>
>>>>> delete the
>
>>>>>
>
>>>>> e-mail and its attachments from all computers.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> ________________________________
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> From: isalist-bounce@xxxxxxxxxxxxx
>
>>>>>
>
>>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
>
>> Andrew English
>
>>>>>
>
>>>>> Sent: Friday, May 19, 2006 3:08 PM
>
>>>>>
>
>>>>> To: isalist@xxxxxxxxxxxxx
>
>>>>>
>
>>>>> Subject: RE: [isalist] Re: Cert for OWA
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> I figured it out.. After I exported the SSL
>
>>> cert to pfx on
>
>>>>> IIS6
>
>>>>>
>
>>>>> and imported it into ISA I was able to surf to the site,
>
>>>> however I had
>
>>>>>
>
>>>>> enabled SSL on the webpage and for some reason it was
>
>>>> telling me I had
>
>>>>>
>
>>>>> to https:// to the site which I was doing, as soon as I
>
>>> removed the
>
>>>>>
>
>>>>> (required SSL) from the web site I was able to access it.
>
>>>>> Then I applied
>
>>>>>
>
>>>>> the html I had to redirect the site back to http. (grin)
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> Thanks for those who helped I really do appreciate it!
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> Regards,
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> Andrew
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> --
>
>>>>>
>
>>>>> No virus found in this incoming message.
>
>>>>>
>
>>>>> Checked by AVG Free Edition.
>
>>>>>
>
>>>>> Version: 7.1.392 / Virus Database: 268.6.1/343 -
>
>>>>> Release Date:
>
>>>>>
>
>>>>> 5/18/2006
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> --
>
>>>>>
>
>>>>> No virus found in this outgoing message.
>
>>>>>
>
>>>>> Checked by AVG Free Edition.
>
>>>>>
>
>>>>> Version: 7.1.392 / Virus Database: 268.6.1/343 - Release
>
>>>>> Date: 5/18/2006
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> All mail to and from this domain is GFI-scanned.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>>
>
>>>>> List Archives: //www.freelists.org/archives/isalist/
>
>>>>>
>
>>>>> ISA Server Newsletter:
>
>>> http://www.isaserver.org/pages/newsletter.asp
>
>>>>>
>
>>>>> ISA Server Articles and Tutorials:
>
>>>>>
>
>>>>> http://www.isaserver.org/articles_tutorials/
>
>>>>>
>
>>>>> ISA Server Blogs: http://blogs.isaserver.org/
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>>
>
>>>>> Visit TechGenix.com for more information about our other sites:
>
>>>>>
>
>>>>> http://www.techgenix.com
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>>
>
>>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
>>>>>
>
>>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>>
>
>>>>> List Archives: //www.freelists.org/archives/isalist/
>
>>>>>
>
>>>>> ISA Server Newsletter:
>
>>> http://www.isaserver.org/pages/newsletter.asp
>
>>>>>
>
>>>>> ISA Server Articles and Tutorials:
>
>>>>>
>
>>>>> http://www.isaserver.org/articles_tutorials/
>
>>>>>
>
>>>>> ISA Server Blogs: http://blogs.isaserver.org/
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>>
>
>>>>> Visit TechGenix.com for more information about our other sites:
>
>>>>>
>
>>>>> http://www.techgenix.com
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>>
>
>>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
>>>>>
>
>>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> All mail to and from this domain is GFI-scanned.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>>
>
>>>>> List Archives: //www.freelists.org/archives/isalist/
>
>>>>>
>
>>>>> ISA Server Newsletter:
>
>>>> http://www.isaserver.org/pages/newsletter.asp
>
>>>>>
>
>>>>> ISA Server Articles and Tutorials:
>
>>>>>
>
>>>>> http://www.isaserver.org/articles_tutorials/
>
>>>>>
>
>>>>> ISA Server Blogs: http://blogs.isaserver.org/
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>>
>
>>>>> Visit TechGenix.com for more information about our other sites:
>
>>>>>
>
>>>>> http://www.techgenix.com
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>>
>
>>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
>>>>>
>
>>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>>
>
>>>>> List Archives: //www.freelists.org/archives/isalist/
>
>>>>>
>
>>>>> ISA Server Newsletter:
>
>>>> http://www.isaserver.org/pages/newsletter.asp
>
>>>>>
>
>>>>> ISA Server Articles and Tutorials:
>
>>>>>
>
>>>>> http://www.isaserver.org/articles_tutorials/
>
>>>>>
>
>>>>> ISA Server Blogs: http://blogs.isaserver.org/
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>>
>
>>>>> Visit TechGenix.com for more information about our other sites:
>
>>>>>
>
>>>>> http://www.techgenix.com
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>>
>
>>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
>>>>>
>
>>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> All mail to and from this domain is GFI-scanned.
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>>
>
>>>>> List Archives: //www.freelists.org/archives/isalist/
>
>>>>>
>
>>>>> ISA Server Newsletter:
>
>>>> http://www.isaserver.org/pages/newsletter.asp
>
>>>>>
>
>>>>> ISA Server Articles and Tutorials:
>
>>>>> http://www.isaserver.org/articles_tutorials/
>
>>>>>
>
>>>>> ISA Server Blogs: http://blogs.isaserver.org/
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>>
>
>>>>> Visit TechGenix.com for more information about our other sites:
>
>>>>>
>
>>>>> http://www.techgenix.com
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>>
>
>>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
>>>>>
>
>>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>>> All mail to and from this domain is GFI-scanned.
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>> List Archives: //www.freelists.org/archives/isalist/
>
>>>>> ISA Server Newsletter:
>
>>>> http://www.isaserver.org/pages/newsletter.asp
>
>>>>> ISA Server Articles and Tutorials:
>
>>>>> http://www.isaserver.org/articles_tutorials/
>
>>>>> ISA Server Blogs: http://blogs.isaserver.org/
>
>>>>> ------------------------------------------------------
>
>>>>> Visit TechGenix.com for more information about our other sites:
>
>>>>> http://www.techgenix.com
>
>>>>> ------------------------------------------------------
>
>>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
>>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>
>>>>>
>
>>>>> ------------------------------------------------------
>
>>>>> List Archives: //www.freelists.org/archives/isalist/
>
>>>>> ISA Server Newsletter:
>
>>>> http://www.isaserver.org/pages/newsletter.asp
>
>>>>> ISA Server Articles and Tutorials:
>
>>>>> http://www.isaserver.org/articles_tutorials/
>
>>>>> ISA Server Blogs: http://blogs.isaserver.org/
>
>>>>> ------------------------------------------------------
>
>>>>> Visit TechGenix.com for more information about our other sites:
>
>>>>> http://www.techgenix.com
>
>>>>> ------------------------------------------------------
>
>>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
>>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>
>>>>>
>
>>>>>
>
>>>>>
>
>>>> ------------------------------------------------------
>
>>>> List Archives: //www.freelists.org/archives/isalist/
>
>>>> ISA Server Newsletter:
>
>>> http://www.isaserver.org/pages/newsletter.asp
>
>>>> ISA Server Articles and Tutorials:
>
>>>> http://www.isaserver.org/articles_tutorials/
>
>>>> ISA Server Blogs: http://blogs.isaserver.org/
>
>>>> ------------------------------------------------------
>
>>>> Visit TechGenix.com for more information about our other sites:
>
>>>> http://www.techgenix.com
>
>>>> ------------------------------------------------------
>
>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>
>>>>
>
>>>> ------------------------------------------------------
>
>>>> List Archives: //www.freelists.org/archives/isalist/
>
>>>> ISA Server Newsletter:
>
>>> http://www.isaserver.org/pages/newsletter.asp
>
>>>> ISA Server Articles and Tutorials:
>
>>>> http://www.isaserver.org/articles_tutorials/
>
>>>> ISA Server Blogs: http://blogs.isaserver.org/
>
>>>> ------------------------------------------------------
>
>>>> Visit TechGenix.com for more information about our other sites:
>
>>>> http://www.techgenix.com
>
>>>> ------------------------------------------------------
>
>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>
>>>>
>
>>>>
>
>>>> All mail to and from this domain is GFI-scanned.
>
>>>>
>
>>>> ------------------------------------------------------
>
>>>> List Archives: //www.freelists.org/archives/isalist/
>
>>>> ISA Server Newsletter:
>
>>> http://www.isaserver.org/pages/newsletter.asp
>
>>>> ISA Server Articles and Tutorials:
>
>>>> http://www.isaserver.org/articles_tutorials/
>
>>>> ISA Server Blogs: http://blogs.isaserver.org/
>
>>>> ------------------------------------------------------
>
>>>> Visit TechGenix.com for more information about our other sites:
>
>>>> http://www.techgenix.com
>
>>>> ------------------------------------------------------
>
>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>
>>>>
>
>>>> ------------------------------------------------------
>
>>>> List Archives: //www.freelists.org/archives/isalist/
>
>>>> ISA Server Newsletter:
>
>>> http://www.isaserver.org/pages/newsletter.asp
>
>>>> ISA Server Articles and Tutorials:
>
>>>> http://www.isaserver.org/articles_tutorials/
>
>>>> ISA Server Blogs: http://blogs.isaserver.org/
>
>>>> ------------------------------------------------------
>
>>>> Visit TechGenix.com for more information about our other sites:
>
>>>> http://www.techgenix.com
>
>>>> ------------------------------------------------------
>
>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>
>>>>
>
>>>>
>
>>>>
>
>>> ------------------------------------------------------
>
>>> List Archives: //www.freelists.org/archives/isalist/
>
>>> ISA Server Newsletter:
>
>> http://www.isaserver.org/pages/newsletter.asp
>
>>> ISA Server Articles and Tutorials:
>
>>> http://www.isaserver.org/articles_tutorials/
>
>>> ISA Server Blogs: http://blogs.isaserver.org/
>
>>> ------------------------------------------------------
>
>>> Visit TechGenix.com for more information about our other sites:
>
>>> http://www.techgenix.com
>
>>> ------------------------------------------------------
>
>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
>>> Report abuse to listadmin@xxxxxxxxxxxxx
>
>>>
>
>>> ------------------------------------------------------
>
>>> List Archives: //www.freelists.org/archives/isalist/
>
>>> ISA Server Newsletter:
>
>> http://www.isaserver.org/pages/newsletter.asp
>
>>> ISA Server Articles and Tutorials:
>
>>> http://www.isaserver.org/articles_tutorials/
>
>>> ISA Server Blogs: http://blogs.isaserver.org/
>
>>> ------------------------------------------------------
>
>>> Visit TechGenix.com for more information about our other sites:
>
>>> http://www.techgenix.com
>
>>> ------------------------------------------------------
>
>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
>>> Report abuse to listadmin@xxxxxxxxxxxxx
>
>>>
>
>>>
>
>>>
>
>> ------------------------------------------------------
>
>> List Archives: //www.freelists.org/archives/isalist/
>
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>
>> ISA Server Articles and Tutorials:
>
>> http://www.isaserver.org/articles_tutorials/
>
>> ISA Server Blogs: http://blogs.isaserver.org/
>
>> ------------------------------------------------------
>
>> Visit TechGenix.com for more information about our other sites:
>
>> http://www.techgenix.com
>
>> ------------------------------------------------------
>
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
>> Report abuse to listadmin@xxxxxxxxxxxxx
>
>>
>
>> ------------------------------------------------------
>
>> List Archives: //www.freelists.org/archives/isalist/
>
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>
>> ISA Server Articles and Tutorials:
>
>> http://www.isaserver.org/articles_tutorials/
>
>> ISA Server Blogs: http://blogs.isaserver.org/
>
>> ------------------------------------------------------
>
>> Visit TechGenix.com for more information about our other sites:
>
>> http://www.techgenix.com
>
>> ------------------------------------------------------
>
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
>> Report abuse to listadmin@xxxxxxxxxxxxx
>
>>
>
>>
>
>>
>
> ------------------------------------------------------
>
> List Archives: //www.freelists.org/archives/isalist/
>
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
>
> ISA Server Blogs: http://blogs.isaserver.org/
>
> ------------------------------------------------------
>
> Visit TechGenix.com for more information about our other sites:
>
> http://www.techgenix.com
>
> ------------------------------------------------------
>
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
>
> All mail to and from this domain is GFI-scanned.
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
