I think I will just create a tutorial from the main site that explains how to install the certificate. Users connect to the root site and then choose the appropriate domain. This directs them to the appropriate site that has clear text passwords enabled (over ssl of coarse) with a default domain set. I can place a tutorial on the root site for them to look at first.
-----Original Message----- From: Andrew Chan [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 3:57 PM To: Exchange Discussions Subject: RE: OWA 5.5 and SSL It is installed from the web server. How many users do you have on your LAN, it might just be as easy as sending out an email telling them what to do when it pops up, since it's one time deal, you don't have to spend much time on pushing it down. I can't remember whether the config.pol on win9x (since win9x will not read the GPO from win2K servers) will have the options or not for the Cert trust list. You may have to dig around for that info. I gave up on win9x for a long time. Otherwise, you might want to take a look at IEAK stuff. Andrew, MCSE (NT & W2K) + CCNA -----Original Message----- From: Murphy, Brian [mailto:[EMAIL PROTECTED]] Posted At: Tuesday, November 13, 2001 1:42 PM Posted To: NewsgroupDiscussion Conversation: OWA 5.5 and SSL Subject: RE: OWA 5.5 and SSL Also. If you choose to install the certificate manually. Where is it installed from? The OWA webserver or the original CA server that issued the certificate? Pardon my ignorance. -----Original Message----- From: Andrew Chan [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 3:15 PM To: Exchange Discussions Subject: RE: OWA 5.5 and SSL You can use a policy to pass on your CA in to the Trust List of your browser (if you use IE), then all of your users will not be prompted by their browser any more. Otherwise, you will have to write up a procedure, so when all the users receive the prompt, go to the tab, and click on "install" or "import" this cert... Andrew, MCSE (NT & W2K) + CCNA -----Original Message----- From: Murphy, Brian [mailto:[EMAIL PROTECTED]] Posted At: Tuesday, November 13, 2001 1:23 PM Posted To: NewsgroupDiscussion Conversation: OWA 5.5 and SSL Subject: RE: OWA 5.5 and SSL Yeah. 443 is open internally. The OWA site is internal. Did I do the certificate process correctly? Here's what I did. 1. Setup Root CA in 2000 system outside of Firewall (Internet) 2. From IIS Directory Security tab clicked on Server Certificate 3. Created new certificate info and saved to txt file. 4. When to CA server and chose advanced options. 5. Copy & paste info from text file. 6. Authorized certificate 7. Went back and downloaded certificate 8. Imported this information into IIS site. I believe everything is working now. However, IS there a way to not get prompted to install or "trust" the certificate. Can I automate this process somehow for "Internal" users. Internal users do not have access to the Internet. The owa site is for "Internal" use and is on the LAN not the Internet. -----Original Message----- From: Tony Hlabse [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 2:51 PM To: Exchange Discussions Subject: Re: OWA 5.5 and SSL Sounds like you need to open port 443 to allow SSL to your IIS server hosting your OWA pages. ----- Original Message ----- From: "Murphy, Brian" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Tuesday, November 13, 2001 3:52 PM Subject: OWA 5.5 and SSL > I have setup a test OWA server on Exchange 5.5 and Windows 2000 OS. I > created two sites on the same server because I have two master > domains. All > mailboxes are located on this one box. After modifying the registry > and changing a few files in each directory...everything works great. > > I installed a CA server on the outside of my firewall. I used this to > create a certificate which I subsequently imported into the IIS > properties for the root site. > > Internal users can connect to the site normally http: (I have not > required ssl yet) but when they connect using https: the browser hoses > up. Most users do not have access to the internet (past the > firewall). > > I am just learning certificates. Does the internal user require > access to the Certificate Server on the outside of the firewall or can > I somehow allow > them to get this from the webserver? > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]