This may be a little off topic but how are you guys doing your PKI? Do you do managed (something like Verisign's Go Secure) or do apply for a subordinate root CA from a trusted authority?
If you go the subordinate root CA route, how do you publish your CRLs? How do you deal with users that have multiple machines (laptop and desktop)? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Webb, Andy Sent: Sunday, June 13, 2004 9:28 AM To: Exchange Discussions Subject: RE: Certificate Authority for Owa 2003 If the Root Certificate for the CA that issued the OWA certificate isn't installed to the certificate store of the PC (typically through group policy) then the logon will include a dialog that says "this certificate is valid, but not trusted". If you purchase a certificate (damn cheap from places like instantSSL) whose Root CA is already trusted because it's in the set of Trusted Root CA's installed by the OS, you won't get that prompt. Users won't have to "install" anything over and over again. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Scharff Sent: Saturday, June 12, 2004 9:27 PM To: Exchange Discussions Subject: RE: Certificate Authority for Owa 2003 We used an internally generated certificate here for a while and after I'd trust it I wasn't prompted any longer. When the last internal certificate expired, we switched to one issued by a trusted certificate authority. If you don't install it, but just accept it you will indeed be prompted for it each time you access the site. Perhaps that is where the confusion lies? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Strongosky Posted At: Friday, June 11, 2004 6:38 PM Posted To: swynk Conversation: Certificate Authority for Owa 2003 Subject: RE: Certificate Authority for Owa 2003 Thanks for the reply Chris, the other email admin is saying that our people would have to install the trust certificate every time they logged in.....I don't think that correct is it? I'm going to have to do some more research on this.... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Scharff Sent: Friday, June 11, 2004 4:21 PM To: Exchange Discussions Subject: RE: Certificate Authority for Owa 2003 There's certainly nothing wrong with that. You can use a GPO to deploy the certificate authority to your users machines so they will trust it automagically... from home they would need to trust it. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Strongosky Posted At: Friday, June 11, 2004 6:19 PM Posted To: swynk Conversation: Certificate Authority for Owa 2003 Subject: Certificate Authority for Owa 2003 Hey, We are have a debate here about us being our own certificate authority when we move to owa2003. I say that we should be our own because we are only going to allow people who we trust to log on to our system and the people who want to log on to our system should trust us. Any opinions would be welcome. v/r john _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang =english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. This email message may contain information that is confidential and proprietary to Babcock & Brown or a third party. If you are not the intended recipient, please contact the sender and destroy the original and any copies of the original message. Babcock & Brown takes measures to protect the content of its communications. However, Babcock & Brown cannot guarantee that email messages will not be intercepted by third parties or that email messages will be free of errors or viruses. If you do not wish to receive any further e-mail from Babcock & Brown, please send an email to [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
