http://www.ISAserver.org ------------------------------------------------------- ..and they fed upon the lambs, and the sloths... ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Mulholland Sent: Monday, May 22, 2006 14:19 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Cert for OWA http://www.ISAserver.org ------------------------------------------------------- Five is right out! Greg Mulholland '"You make my software turn to hardware !" ----- Original Message ----- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx> To: <isalist@xxxxxxxxxxxxx> Sent: Tuesday, May 23, 2006 4:17 AM Subject: [isalist] Re: Cert for OWA http://www.ISAserver.org ------------------------------------------------------- Three shall be the number of the counting, and the number of the counting shall be "three." t On 5/22/06 7:21 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all: > http://www.ISAserver.org > ------------------------------------------------------- > > I see your cornfussion. > > You don't bind the listener to separate paths; you use the same listener > for two separate rules that use the pat to distinguish between web > sites. > Also, you can't associate web listeners with anything but web publishing > rules. Thus, the access rule idea is right out. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Young, Gerald G > Sent: Monday, May 22, 2006 7:05 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Cert for OWA > > This has been an interesting thread to follow. My head is still > spinning. > > > > For the time being, I'll leave the binding same listener to two > different paths alone; that's a bit confusing for me still. ;) > > > > Andy, here is what I would do in your case. You essentially have two > sites. One for static content - from the sounds of it - and one for > OWA. Rather than trying to tie the same www.domain.com to two different > paths I'd make it a bit simpler. For your static content, I'd use > www.domain.com. For your OWA content, I'd use something like > webmail.domain.com. This would end up with two separate access rules. > If you wanted only one cert to be used for both, you could get a > wildcard cert for *.domain.com, tie that to a single listener that is > then used by both access rules. > > > > Just my $.02 but I hope this might help you. > > Cordially yours, > Jerry G. Young II > MCSE (4.0/W2K) > Atlanta EES Implementation Team Lead > ECNS Microsoft Engineering > Unisys > > 11493 Sunset Hills Rd. > Reston, VA 20190 > Office: 703-579-2727 > Cell: 703-625-1468 > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete the e-mail > and its attachments from all computers. > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Andrew English > Sent: Saturday, May 20, 2006 12:58 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Cert for OWA > > > > LOL > > > > Mail Server Publishing Wizard creates a rule in your firewall Polices > right? Sure you need to use the wizard to create the rule, but in the > end it's a rule not a wizard. > > > > Is it possible to publish a web server using a cert for www.domain.com > for www.domain.com/sitefolder/index.html to LAN IP 192.168.1.1 while > using the "Mail Server Publishing Wizard" to create the OWA rule to > publish OWA via SSL www.domain.com for www.domain.com/exchange on LAN IP > 192.168.1.2 ?? > > > > Andrew > > > > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Thomas W Shinder > Sent: Saturday, May 20, 2006 12:44 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Cert for OWA > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > THIS IS NO SUCH THING AS A MAIL SERVER PUBLISHING RULE. GOT IT??????? > > > > If the question is "can I created two Web Publishing Rules" the answer > > is yes. > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://blogs.isaserver.org/shinder/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > > > > > > >> -----Original Message----- > >> From: isalist-bounce@xxxxxxxxxxxxx > >> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English > >> Sent: Saturday, May 20, 2006 11:47 AM > >> To: isalist@xxxxxxxxxxxxx > >> Subject: [isalist] Re: Cert for OWA > >> > >> http://www.ISAserver.org > >> ------------------------------------------------------- > >> > >> Okay smart ass. > >> > >> It is possible to publish a web site on https on www.domain.com at the > >> same time publish OWA using the mail server publishing rule > >> on the same > >> cert, yet both machines on the LAN are in different places? > >> > >> Andrew > >> > >> > >> -----Original Message----- > >> From: isalist-bounce@xxxxxxxxxxxxx > >> [mailto:isalist-bounce@xxxxxxxxxxxxx] > >> On Behalf Of Thomas W Shinder > >> Sent: Saturday, May 20, 2006 12:32 PM > >> To: isalist@xxxxxxxxxxxxx > >> Subject: [isalist] Re: Cert for OWA > >> > >> http://www.ISAserver.org > >> ------------------------------------------------------- > >> > >> What do you mean by "publishing a mail server"? > >> > >> It's a meaningless phrase, like "open a port". > >> > >> Thomas W Shinder, M.D. > >> Site: www.isaserver.org > >> Blog: http://blogs.isaserver.org/shinder/ > >> Book: http://tinyurl.com/3xqb7 > >> MVP -- ISA Firewalls > >> > >> > >> > >>> -----Original Message----- > >>> From: isalist-bounce@xxxxxxxxxxxxx > >>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English > >>> Sent: Saturday, May 20, 2006 11:17 AM > >>> To: isalist@xxxxxxxxxxxxx > >>> Subject: [isalist] Re: Cert for OWA > >>> > >>> http://www.ISAserver.org > >>> ------------------------------------------------------- > >>> > >>> Your very good at twisting things around aren't you Tom > >> when you know > >>> very well the point I was getting across in the first place. > >>> So are you > >>> saying that I can publish the web server and mail server on > >>> the same URL > >>> and Cert? > >>> > >>> Andrew > >>> > >>> > >>> -----Original Message----- > >>> From: isalist-bounce@xxxxxxxxxxxxx > >>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > >>> On Behalf Of Thomas W Shinder > >>> Sent: Saturday, May 20, 2006 11:58 AM > >>> To: isalist@xxxxxxxxxxxxx > >>> Subject: [isalist] Re: Cert for OWA > >>> > >>> http://www.ISAserver.org > >>> ------------------------------------------------------- > >>> > >>> For inbound connections, there are only Web Publishing Rules > >>> and Server > >>> Publishing Rules > >>> > >>> There is no "mail server publishing rule" although there > >>> might be a Mail > >>> Server Publishing Wizard. > >>> > >>> Thomas W Shinder, M.D. > >>> Site: www.isaserver.org > >>> Blog: http://blogs.isaserver.org/shinder/ > >>> Book: http://tinyurl.com/3xqb7 > >>> MVP -- ISA Firewalls > >>> > >>> > >>> > >>>> -----Original Message----- > >>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English > >>>> Sent: Saturday, May 20, 2006 10:55 AM > >>>> To: isalist@xxxxxxxxxxxxx > >>>> Subject: [isalist] Re: Cert for OWA > >>>> > >>>> http://www.ISAserver.org > >>>> ------------------------------------------------------- > >>>> > >>>> > >>>> The OWA site is a mail publishing rule. It use have FBA. The > >>>> other site > >>>> I agree is not a mail publishing rule thus would require the > >>>> web server > >>>> publishing rule but can both be run off the same URL, > >>>> different servers > >>>> with different paths? > >>>> > >>>> Andrew > >>>> > >>>> > >>>> -----Original Message----- > >>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > >>>> On Behalf Of Jim Harrison > >>>> Sent: Saturday, May 20, 2006 11:31 AM > >>>> To: isalist@xxxxxxxxxxxxx > >>>> Subject: [isalist] Re: Cert for OWA > >>>> > >>>> http://www.ISAserver.org > >>>> ------------------------------------------------------- > >>>> > >>>> Must using different path in each rule. > >>>> Don't use the mail server publishing rule for non-mail websites. > >>>> Create a new rule and specify only the app pat in that rule. > >>>> > >>>> -----Original Message----- > >>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > >>>> On Behalf Of Andrew English > >>>> Sent: Saturday, May 20, 2006 8:05 AM > >>>> To: isalist@xxxxxxxxxxxxx > >>>> Subject: [isalist] Re: Cert for OWA > >>>> > >>>> http://www.ISAserver.org > >>>> ------------------------------------------------------- > >>>> > >>>> If I create the website publishing rule for the website, am > >>> I able to > >>>> create an Mail server publishing rule for OWA using the same cert? > >>>> > >>>> Andrew > >>>> > >>>> > >>>> -----Original Message----- > >>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > >>>> On Behalf Of Thomas W Shinder > >>>> Sent: Saturday, May 20, 2006 10:11 AM > >>>> To: isalist@xxxxxxxxxxxxx > >>>> Subject: [isalist] Re: Cert for OWA > >>>> > >>>> http://www.ISAserver.org > >>>> ------------------------------------------------------- > >>>> > >>>> I read someone that application layer inspection firewalls > >>>> are actually > >>>> able to take information in the application layer headers > >>> and data and > >>>> make intelligent decisions based on that data. Yes, I > >>> remember now, I > >>>> wrote a 1000+ book about it and the solution is in there. Go > >>>> to the Web > >>>> Publishing chapter. You'll solve all these SSL problems and > >>>> the current > >>>> one. > >>>> > >>>> Thomas W Shinder, M.D. > >>>> Site: www.isaserver.org > >>>> Blog: http://blogs.isaserver.org/shinder/ > >>>> Book: http://tinyurl.com/3xqb7 > >>>> MVP -- ISA Firewalls > >>>> > >>>> > >>>> > >>>>> -----Original Message----- > >>>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of > >> Andrew English > >>>>> Sent: Saturday, May 20, 2006 9:13 AM > >>>>> To: isalist@xxxxxxxxxxxxx > >>>>> Subject: [isalist] Re: Cert for OWA > >>>>> > >>>>> http://www.ISAserver.org > >>>>> ------------------------------------------------------- > >>>>> > >>>>> Yes but if the request is for the following website is > >>>>> www.autosoldnow.com how does it know under the web server > >>> publishing > >>>>> rule that anything with /exchange goes to serverA while > >>>> anything with > >>>>> /ssapp/asn.html goes to serverB? > >>>>> > >>>>> Andrew > >>>>> > >>>>> > >>>>> -----Original Message----- > >>>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > >>>>> On Behalf Of Jim Harrison > >>>>> Sent: Saturday, May 20, 2006 2:06 AM > >>>>> To: isalist@xxxxxxxxxxxxx > >>>>> Subject: [isalist] Re: Cert for OWA > >>>>> > >>>>> http://www.ISAserver.org > >>>>> ------------------------------------------------------- > >>>>> > >>>>> You > >>>>> Don't > >>>>> > >>>>> You create two separate rules, Andy. > >>>>> > >>>>> > >>>>> ------------------------------------------------------- > >>>>> Jim Harrison > >>>>> MCP(NT4, W2K), A+, Network+, PCG > >>>>> http://isaserver.org/Jim_Harrison/ > >>>>> http://isatools.org > >>>>> Read the help / books / articles! > >>>>> ------------------------------------------------------- > >>>>> > >>>>> > >>>>> -----Original Message----- > >>>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > >>>>> On Behalf Of Andrew English > >>>>> Sent: Friday, May 19, 2006 20:49 > >>>>> To: isalist@xxxxxxxxxxxxx > >>>>> Subject: [isalist] Re: Cert for OWA > >>>>> > >>>>> Uhm okay Jim so how to I tell ISA the following under one > >>>>> server publish > >>>>> website rule? > >>>>> > >>>>> > >>>>> > >>>>> https://www.autosoldnow.com/ssapp/asn.html goes to 192.168.1.10 > >>>>> > >>>>> https://www.autsoldnow.com/exchange goes to 192.168.1.2 > >>>>> > >>>>> > >>>>> > >>>>> Andrew > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> -----Original Message----- > >>>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > >>>>> On Behalf Of Jim Harrison > >>>>> Sent: Friday, May 19, 2006 9:05 PM > >>>>> To: isalist@xxxxxxxxxxxxx > >>>>> Subject: [isalist] Re: Cert for OWA > >>>>> > >>>>> > >>>>> > >>>>> http://www.ISAserver.org > >>>>> > >>>>> ------------------------------------------------------- > >>>>> > >>>>> > >>>>> > >>>>> ..so don't use the same listener for both sites. > >>>>> > >>>>> C'mon, Andy - take a moment to think it through. > >>>>> > >>>>> > >>>>> > >>>>> -----Original Message----- > >>>>> > >>>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > >>>>> > >>>>> On Behalf Of Andrew English > >>>>> > >>>>> Sent: Friday, May 19, 2006 4:38 PM > >>>>> > >>>>> To: isalist@xxxxxxxxxxxxx > >>>>> > >>>>> Subject: [isalist] Re: Cert for OWA > >>>>> > >>>>> > >>>>> > >>>>> http://www.ISAserver.org > >>>>> > >>>>> ------------------------------------------------------- > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> The problem Jim is there web site doesn't use IIS it uses > >>>>> Jboss which is > >>>>> > >>>>> a Java Application Server, normally Jboss sits on Tomcat > >>>> but this time > >>>>> > >>>>> around there isn't any Tomcat running so I am not sure what > >>>> the script > >>>>> > >>>>> kiddies have done. There is no Tomcat server running under > >>>>> services.msc, > >>>>> > >>>>> there is no apache running anywhere, it all runs from one box. > >>>>> > >>>>> > >>>>> > >>>>> The second box of course runs Exchange 2003 on top of AD > >>>> which doesn't > >>>>> > >>>>> want swing for me without telling me that the version of AD > >>>> is not the > >>>>> > >>>>> same as the other 2003 server even though I raised the domain > >>>>> and forest > >>>>> > >>>>> levels to 2003. > >>>>> > >>>>> > >>>>> > >>>>> Andrew > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> -----Original Message----- > >>>>> > >>>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > >>>>> > >>>>> On Behalf Of Jim Harrison > >>>>> > >>>>> Sent: Friday, May 19, 2006 5:59 PM > >>>>> > >>>>> To: isalist@xxxxxxxxxxxxx > >>>>> > >>>>> Subject: [isalist] Re: Cert for OWA > >>>>> > >>>>> > >>>>> > >>>>> http://www.ISAserver.org > >>>>> > >>>>> ------------------------------------------------------- > >>>>> > >>>>> > >>>>> > >>>>> This is called "redirect to HTTPS" and is supported in IIS. > >>>>> > >>>>> You can even do it with ISA if you use the > >> isa_redirects package I > >>>>> > >>>>> built. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> ------------------------------------------------------- > >>>>> > >>>>> Jim Harrison > >>>>> > >>>>> MCP(NT4, W2K), A+, Network+, PCG > >>>>> > >>>>> http://isaserver.org/Jim_Harrison/ > >>>>> > >>>>> http://isatools.org > >>>>> > >>>>> Read the help / books / articles! > >>>>> > >>>>> ------------------------------------------------------- > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> -----Original Message----- > >>>>> > >>>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > >>>>> > >>>>> On Behalf Of Andrew English > >>>>> > >>>>> Sent: Friday, May 19, 2006 15:08 > >>>>> > >>>>> To: isalist@xxxxxxxxxxxxx > >>>>> > >>>>> Subject: [isalist] Re: Cert for OWA > >>>>> > >>>>> > >>>>> > >>>>> http://www.ISAserver.org > >>>>> > >>>>> ------------------------------------------------------- > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> As for OWA we are in the process of buying a separate cert > >>>>> for that. As > >>>>> > >>>>> before what was happening is the had their Linux box > >>>> flipping the HTTP > >>>>> > >>>>> to HTTPS for both the web and exchange site which both > >> run on two > >>>>> > >>>>> different LAN servers. Since the dealers themselves are > >>> too computer > >>>>> > >>>>> illiterate to know what Internet Explorer is let alone where > >>>>> the Address > >>>>> > >>>>> bar is located we had to keep the cert for the web site and > >>>>> flip to HTTP > >>>>> > >>>>> so that portions of the site what stopped working when > >>> the cert was > >>>>> > >>>>> originally installed can function normally again. > >>>>> > >>>>> > >>>>> > >>>>> Andrew > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> -----Original Message----- > >>>>> > >>>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > >>>>> > >>>>> On Behalf Of Jim Harrison > >>>>> > >>>>> Sent: Friday, May 19, 2006 5:47 PM > >>>>> > >>>>> To: isalist@xxxxxxxxxxxxx > >>>>> > >>>>> Subject: [isalist] Re: Cert for OWA > >>>>> > >>>>> > >>>>> > >>>>> http://www.ISAserver.org > >>>>> > >>>>> ------------------------------------------------------- > >>>>> > >>>>> > >>>>> > >>>>> ..then the subject is irrelevant to the question? > >>>>> > >>>>> "Cert for OWA" seems to indicate to the rest of us that > >>>> this was about > >>>>> > >>>>> OWA publishing. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> ------------------------------------------------------- > >>>>> > >>>>> Jim Harrison > >>>>> > >>>>> MCP(NT4, W2K), A+, Network+, PCG > >>>>> > >>>>> http://isaserver.org/Jim_Harrison/ > >>>>> > >>>>> http://isatools.org > >>>>> > >>>>> Read the help / books / articles! > >>>>> > >>>>> ------------------------------------------------------- > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> -----Original Message----- > >>>>> > >>>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > >>>>> > >>>>> On Behalf Of Andrew English > >>>>> > >>>>> Sent: Friday, May 19, 2006 14:49 > >>>>> > >>>>> To: isalist@xxxxxxxxxxxxx > >>>>> > >>>>> Subject: [isalist] Re: Cert for OWA > >>>>> > >>>>> > >>>>> > >>>>> Ah no. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> The username and passwords are only contained within the > >>>> site itself, > >>>>> > >>>>> they are not associated to AD in anyway shape or form. So > >>> if someone > >>>>> > >>>>> wants to see what dealerA has sold on the network be my > >> guess, but > >>>>> > >>>>> they're login name and password don't work where else but on the > >>>>> > >>>>> website. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> Andrew > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> ________________________________ > >>>>> > >>>>> > >>>>> > >>>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] > >>>>> > >>>>> On Behalf Of Mark Morgan > >>>>> > >>>>> Sent: Friday, May 19, 2006 5:18 PM > >>>>> > >>>>> To: isalist@xxxxxxxxxxxxx > >>>>> > >>>>> Subject: [isalist] Re: Cert for OWA > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> It really does not mater if there is not personal or > >>>> confidential info > >>>>> > >>>>> on the site, if you pass the user id and password via > >>> http the user > >>>>> > >>>>> domain credentials can be compromised, which someone could > >>>> then use to > >>>>> > >>>>> login to VPN etc. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> -----Original Message----- > >>>>> > >>>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>>> > >>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx]On Behalf Of Andrew English > >>>>> > >>>>> Sent: Friday, May 19, 2006 12:56 PM > >>>>> > >>>>> To: isalist@xxxxxxxxxxxxx > >>>>> > >>>>> Subject: RE: [isalist] Re: Cert for OWA > >>>>> > >>>>> > >>>>> > >>>>> Hi Gerald, > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> Thanks for the bit of information as it never > >>>>> crossed my mind > >>>>> > >>>>> that without SSL installed usernames and passwords are > >>> sent in clear > >>>>> > >>>>> text format. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> Actually the site is more broken with the SSL > >>>>> enabled then it > >>>>> is > >>>>> > >>>>> without it. So I am not too worried as it changing to a > >> different > >>>>> > >>>>> front-end/back-end within the coming months which will > >>>> switch back to > >>>>> > >>>>> using SSL. It's more important if people can access the > >>>> site correctly > >>>>> > >>>>> now then to have them calling us everyday asking what's > >>>> wrong, and yes > >>>>> > >>>>> we are aware the trade off it has, but since the site > >>>> doesn't contain > >>>>> > >>>>> and personal or confidential information we are not too > >>>>> worried about. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> Regards, > >>>>> > >>>>> > >>>>> > >>>>> Andrew > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> ________________________________ > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> From: isalist-bounce@xxxxxxxxxxxxx on behalf of > >>>>> Young, Gerald > >>>>> G > >>>>> > >>>>> Sent: Fri 19/05/2006 3:16 PM > >>>>> > >>>>> To: isalist@xxxxxxxxxxxxx > >>>>> > >>>>> Subject: [isalist] Re: Cert for OWA > >>>>> > >>>>> > >>>>> > >>>>> How are you connecting then? > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> https:// is for SSL. > >>>>> > >>>>> > >>>>> > >>>>> http:// does not use SSL or the certificate you just > >>>>> installed. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> I hope you're not planning on authenticating > >>>> users over just > >>>>> an > >>>>> > >>>>> http connection: the username and password will be sent in > >>>> clear text > >>>>> > >>>>> that anyone can grab should they be listening. > >>>>> > >>>>> > >>>>> > >>>>> Cordially yours, > >>>>> > >>>>> Jerry G. Young II > >>>>> > >>>>> MCSE (4.0/W2K) > >>>>> > >>>>> Atlanta EES Implementation Team Lead > >>>>> > >>>>> ECNS Microsoft Engineering > >>>>> > >>>>> Unisys > >>>>> > >>>>> > >>>>> > >>>>> 11493 Sunset Hills Rd. > >>>>> > >>>>> Reston, VA 20190 > >>>>> > >>>>> Office: 703-579-2727 > >>>>> > >>>>> Cell: 703-625-1468 > >>>>> > >>>>> > >>>>> > >>>>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL > >>>> AND/OR OTHERWISE > >>>>> > >>>>> PROPRIETARY MATERIAL and is thus for use only by the intended > >>>>> recipient. > >>>>> > >>>>> If you received this in error, please contact the sender and > >>>>> delete the > >>>>> > >>>>> e-mail and its attachments from all computers. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> ________________________________ > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> From: isalist-bounce@xxxxxxxxxxxxx > >>>>> > >>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of > >> Andrew English > >>>>> > >>>>> Sent: Friday, May 19, 2006 3:08 PM > >>>>> > >>>>> To: isalist@xxxxxxxxxxxxx > >>>>> > >>>>> Subject: RE: [isalist] Re: Cert for OWA > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> I figured it out.. After I exported the SSL > >>> cert to pfx on > >>>>> IIS6 > >>>>> > >>>>> and imported it into ISA I was able to surf to the site, > >>>> however I had > >>>>> > >>>>> enabled SSL on the webpage and for some reason it was > >>>> telling me I had > >>>>> > >>>>> to https:// to the site which I was doing, as soon as I > >>> removed the > >>>>> > >>>>> (required SSL) from the web site I was able to access it. > >>>>> Then I applied > >>>>> > >>>>> the html I had to redirect the site back to http. (grin) > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> Thanks for those who helped I really do appreciate it! > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> Regards, > >>>>> > >>>>> > >>>>> > >>>>> Andrew > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> > >>>>> No virus found in this incoming message. > >>>>> > >>>>> Checked by AVG Free Edition. > >>>>> > >>>>> Version: 7.1.392 / Virus Database: 268.6.1/343 - > >>>>> Release Date: > >>>>> > >>>>> 5/18/2006 > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> > >>>>> No virus found in this outgoing message. > >>>>> > >>>>> Checked by AVG Free Edition. > >>>>> > >>>>> Version: 7.1.392 / Virus Database: 268.6.1/343 - Release > >>>>> Date: 5/18/2006 > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> All mail to and from this domain is GFI-scanned. > >>>>> > >>>>> > >>>>> > >>>>> ------------------------------------------------------ > >>>>> > >>>>> List Archives: //www.freelists.org/archives/isalist/ > >>>>> > >>>>> ISA Server Newsletter: > >>> http://www.isaserver.org/pages/newsletter.asp > >>>>> > >>>>> ISA Server Articles and Tutorials: > >>>>> > >>>>> http://www.isaserver.org/articles_tutorials/ > >>>>> > >>>>> ISA Server Blogs: http://blogs.isaserver.org/ > >>>>> > >>>>> ------------------------------------------------------ > >>>>> > >>>>> Visit TechGenix.com for more information about our other sites: > >>>>> > >>>>> http://www.techgenix.com > >>>>> > >>>>> ------------------------------------------------------ > >>>>> > >>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >>>>> > >>>>> Report abuse to listadmin@xxxxxxxxxxxxx > >>>>> > >>>>> > >>>>> > >>>>> ------------------------------------------------------ > >>>>> > >>>>> List Archives: //www.freelists.org/archives/isalist/ > >>>>> > >>>>> ISA Server Newsletter: > >>> http://www.isaserver.org/pages/newsletter.asp > >>>>> > >>>>> ISA Server Articles and Tutorials: > >>>>> > >>>>> http://www.isaserver.org/articles_tutorials/ > >>>>> > >>>>> ISA Server Blogs: http://blogs.isaserver.org/ > >>>>> > >>>>> ------------------------------------------------------ > >>>>> > >>>>> Visit TechGenix.com for more information about our other sites: > >>>>> > >>>>> http://www.techgenix.com > >>>>> > >>>>> ------------------------------------------------------ > >>>>> > >>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >>>>> > >>>>> Report abuse to listadmin@xxxxxxxxxxxxx > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> All mail to and from this domain is GFI-scanned. > >>>>> > >>>>> > >>>>> > >>>>> ------------------------------------------------------ > >>>>> > >>>>> List Archives: //www.freelists.org/archives/isalist/ > >>>>> > >>>>> ISA Server Newsletter: > >>>> http://www.isaserver.org/pages/newsletter.asp > >>>>> > >>>>> ISA Server Articles and Tutorials: > >>>>> > >>>>> http://www.isaserver.org/articles_tutorials/ > >>>>> > >>>>> ISA Server Blogs: http://blogs.isaserver.org/ > >>>>> > >>>>> ------------------------------------------------------ > >>>>> > >>>>> Visit TechGenix.com for more information about our other sites: > >>>>> > >>>>> http://www.techgenix.com > >>>>> > >>>>> ------------------------------------------------------ > >>>>> > >>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >>>>> > >>>>> Report abuse to listadmin@xxxxxxxxxxxxx > >>>>> > >>>>> > >>>>> > >>>>> ------------------------------------------------------ > >>>>> > >>>>> List Archives: //www.freelists.org/archives/isalist/ > >>>>> > >>>>> ISA Server Newsletter: > >>>> http://www.isaserver.org/pages/newsletter.asp > >>>>> > >>>>> ISA Server Articles and Tutorials: > >>>>> > >>>>> http://www.isaserver.org/articles_tutorials/ > >>>>> > >>>>> ISA Server Blogs: http://blogs.isaserver.org/ > >>>>> > >>>>> ------------------------------------------------------ > >>>>> > >>>>> Visit TechGenix.com for more information about our other sites: > >>>>> > >>>>> http://www.techgenix.com > >>>>> > >>>>> ------------------------------------------------------ > >>>>> > >>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >>>>> > >>>>> Report abuse to listadmin@xxxxxxxxxxxxx > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> All mail to and from this domain is GFI-scanned. > >>>>> > >>>>> > >>>>> > >>>>> ------------------------------------------------------ > >>>>> > >>>>> List Archives: //www.freelists.org/archives/isalist/ > >>>>> > >>>>> ISA Server Newsletter: > >>>> http://www.isaserver.org/pages/newsletter.asp > >>>>> > >>>>> ISA Server Articles and Tutorials: > >>>>> http://www.isaserver.org/articles_tutorials/ > >>>>> > >>>>> ISA Server Blogs: http://blogs.isaserver.org/ > >>>>> > >>>>> ------------------------------------------------------ > >>>>> > >>>>> Visit TechGenix.com for more information about our other sites: > >>>>> > >>>>> http://www.techgenix.com > >>>>> > >>>>> ------------------------------------------------------ > >>>>> > >>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >>>>> > >>>>> Report abuse to listadmin@xxxxxxxxxxxxx > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> All mail to and from this domain is GFI-scanned. > >>>>> > >>>>> ------------------------------------------------------ > >>>>> List Archives: //www.freelists.org/archives/isalist/ > >>>>> ISA Server Newsletter: > >>>> http://www.isaserver.org/pages/newsletter.asp > >>>>> ISA Server Articles and Tutorials: > >>>>> http://www.isaserver.org/articles_tutorials/ > >>>>> ISA Server Blogs: http://blogs.isaserver.org/ > >>>>> ------------------------------------------------------ > >>>>> Visit TechGenix.com for more information about our other sites: > >>>>> http://www.techgenix.com > >>>>> ------------------------------------------------------ > >>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >>>>> Report abuse to listadmin@xxxxxxxxxxxxx > >>>>> > >>>>> ------------------------------------------------------ > >>>>> List Archives: //www.freelists.org/archives/isalist/ > >>>>> ISA Server Newsletter: > >>>> http://www.isaserver.org/pages/newsletter.asp > >>>>> ISA Server Articles and Tutorials: > >>>>> http://www.isaserver.org/articles_tutorials/ > >>>>> ISA Server Blogs: http://blogs.isaserver.org/ > >>>>> ------------------------------------------------------ > >>>>> Visit TechGenix.com for more information about our other sites: > >>>>> http://www.techgenix.com > >>>>> ------------------------------------------------------ > >>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >>>>> Report abuse to listadmin@xxxxxxxxxxxxx > >>>>> > >>>>> > >>>>> > >>>> ------------------------------------------------------ > >>>> List Archives: //www.freelists.org/archives/isalist/ > >>>> ISA Server Newsletter: > >>> http://www.isaserver.org/pages/newsletter.asp > >>>> ISA Server Articles and Tutorials: > >>>> http://www.isaserver.org/articles_tutorials/ > >>>> ISA Server Blogs: http://blogs.isaserver.org/ > >>>> ------------------------------------------------------ > >>>> Visit TechGenix.com for more information about our other sites: > >>>> http://www.techgenix.com > >>>> ------------------------------------------------------ > >>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >>>> Report abuse to listadmin@xxxxxxxxxxxxx > >>>> > >>>> ------------------------------------------------------ > >>>> List Archives: //www.freelists.org/archives/isalist/ > >>>> ISA Server Newsletter: > >>> http://www.isaserver.org/pages/newsletter.asp > >>>> ISA Server Articles and Tutorials: > >>>> http://www.isaserver.org/articles_tutorials/ > >>>> ISA Server Blogs: http://blogs.isaserver.org/ > >>>> ------------------------------------------------------ > >>>> Visit TechGenix.com for more information about our other sites: > >>>> http://www.techgenix.com > >>>> ------------------------------------------------------ > >>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >>>> Report abuse to listadmin@xxxxxxxxxxxxx > >>>> > >>>> > >>>> All mail to and from this domain is GFI-scanned. > >>>> > >>>> ------------------------------------------------------ > >>>> List Archives: //www.freelists.org/archives/isalist/ > >>>> ISA Server Newsletter: > >>> http://www.isaserver.org/pages/newsletter.asp > >>>> ISA Server Articles and Tutorials: > >>>> http://www.isaserver.org/articles_tutorials/ > >>>> ISA Server Blogs: http://blogs.isaserver.org/ > >>>> ------------------------------------------------------ > >>>> Visit TechGenix.com for more information about our other sites: > >>>> http://www.techgenix.com > >>>> ------------------------------------------------------ > >>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >>>> Report abuse to listadmin@xxxxxxxxxxxxx > >>>> > >>>> ------------------------------------------------------ > >>>> List Archives: //www.freelists.org/archives/isalist/ > >>>> ISA Server Newsletter: > >>> http://www.isaserver.org/pages/newsletter.asp > >>>> ISA Server Articles and Tutorials: > >>>> http://www.isaserver.org/articles_tutorials/ > >>>> ISA Server Blogs: http://blogs.isaserver.org/ > >>>> ------------------------------------------------------ > >>>> Visit TechGenix.com for more information about our other sites: > >>>> http://www.techgenix.com > >>>> ------------------------------------------------------ > >>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >>>> Report abuse to listadmin@xxxxxxxxxxxxx > >>>> > >>>> > >>>> > >>> ------------------------------------------------------ > >>> List Archives: //www.freelists.org/archives/isalist/ > >>> ISA Server Newsletter: > >> http://www.isaserver.org/pages/newsletter.asp > >>> ISA Server Articles and Tutorials: > >>> http://www.isaserver.org/articles_tutorials/ > >>> ISA Server Blogs: http://blogs.isaserver.org/ > >>> ------------------------------------------------------ > >>> Visit TechGenix.com for more information about our other sites: > >>> http://www.techgenix.com > >>> ------------------------------------------------------ > >>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >>> Report abuse to listadmin@xxxxxxxxxxxxx > >>> > >>> ------------------------------------------------------ > >>> List Archives: //www.freelists.org/archives/isalist/ > >>> ISA Server Newsletter: > >> http://www.isaserver.org/pages/newsletter.asp > >>> ISA Server Articles and Tutorials: > >>> http://www.isaserver.org/articles_tutorials/ > >>> ISA Server Blogs: http://blogs.isaserver.org/ > >>> ------------------------------------------------------ > >>> Visit TechGenix.com for more information about our other sites: > >>> http://www.techgenix.com > >>> ------------------------------------------------------ > >>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >>> Report abuse to listadmin@xxxxxxxxxxxxx > >>> > >>> > >>> > >> ------------------------------------------------------ > >> List Archives: //www.freelists.org/archives/isalist/ > >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > >> ISA Server Articles and Tutorials: > >> http://www.isaserver.org/articles_tutorials/ > >> ISA Server Blogs: http://blogs.isaserver.org/ > >> ------------------------------------------------------ > >> Visit TechGenix.com for more information about our other sites: > >> http://www.techgenix.com > >> ------------------------------------------------------ > >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >> Report abuse to listadmin@xxxxxxxxxxxxx > >> > >> ------------------------------------------------------ > >> List Archives: //www.freelists.org/archives/isalist/ > >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > >> ISA Server Articles and Tutorials: > >> http://www.isaserver.org/articles_tutorials/ > >> ISA Server Blogs: http://blogs.isaserver.org/ > >> ------------------------------------------------------ > >> Visit TechGenix.com for more information about our other sites: > >> http://www.techgenix.com > >> ------------------------------------------------------ > >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >> Report abuse to listadmin@xxxxxxxxxxxxx > >> > >> > >> > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx