Here are two KB articles that I managed to find: http://support.microsoft.com/default.aspx?scid=kb;en-us;234022
http://support.microsoft.com/default.aspx?scid=kb;EN-US;218445 It is a ridiculous process and I recommend doing it on a test server first. I'm sure their are better walkthroughs written by non-M$ people. That is why I asked on this forum. Worst case is that you have to remove the certs and reinstall OWA. I wasn't able to get the cert going after a couple tries and ran out of time. I intend to revisit it soon though. Johnny -----Original Message----- From: Meade, Devin [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 8:42 AM To: NT 2000 Discussions Subject: RE: Repeated attempts to log into IIS The guy that set this all up has moved on. He explained it to me - you just run the wizard and grant yourself a cert. I am thinking that the user could install the cert to their local machine and they would not get the security alert (until it expired - maybe you can make it for more than a year). It is all on the NT4 option pack (IIS, MS Certificate server, Key Manager). After you install OWA, **I think** you go to the IIS Exchange website and require secure communications and run Key Manager and then somehow associate the Certificate with the IIS website. HTH, Devin L. Meade, CNE, MCP Network Administrator Frankfurt-Short-Bruza www.fsb-ae.com www.oklahomadome.com -----Original Message----- From: Steve Aspindle [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 5:20 AM To: NT 2000 Discussions Subject: RE: Repeated attempts to log into IIS Please can you explain the steps to create your own certificate? I would like to do this but which app. do I need to run to generate the cert. Thanks Steve -----Original Message----- From: Niki Blowfield - Winnt [mailto:[EMAIL PROTECTED]] Sent: 28 January 2003 08:51 To: NT 2000 Discussions Subject: RE: Repeated attempts to log into IIS Hi Thanks for the response I will do some research into this as its not something I've used before Thanks Mr. Niki Blowfield IT Administrator Westminster Partitions & Joinery T - 020 8848 0126 F - 020 8848 8845 > -----Original Message----- > From: Meade, Devin [mailto:[EMAIL PROTECTED]] > Sent: 27 January 2003 18:38 > To: NT 2000 Discussions > Subject: RE: Repeated attempts to log into IIS > > > You can buy one if you want or you can issue one to yourself. > The general public is not using it. > > So far as someone else's certificate that they issued to > themselves - I wouldn't trust it :-). It is the same thing > as a stranger saying "Trust me". We simply tell our staff > "Trust this server even though we did not pay big bucks for a > certificate". > > Thanks, > > Devin L. Meade, CNE, MCP > Network Administrator > Frankfurt-Short-Bruza > www.fsb-ae.com > www.oklahomadome.com > > > > -----Original Message----- > From: Johnny Martinez [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 27, 2003 12:19 PM > To: NT 2000 Discussions > Subject: RE: Repeated attempts to log into IIS > > This doesn't require a purchased SSL Cert? > > J > > -----Original Message----- > From: Meade, Devin [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 27, 2003 10:09 AM > To: NT 2000 Discussions > Subject: RE: Repeated attempts to log into IIS > > > Niki, > > --- Can anyone advise if theres anything else I should be doing > or be particularly concerned about? --- > > I would encrypt your OWA login process - On our private LAN, > we have OWA installed on an NT4 box (with IIS). Our firewall > forwards port 443 (SSL) to it. On this box, we issued > ourselves a certificate and have the client answer yes to the > Security alert. All this to ensure that the clients > credentials are encrypted. We have no proxy server in this > loop. Can you > change OWA to port 443 and then block port 80 at the firewall? > > Devin L. Meade, CNE, MCP > Network Administrator > Frankfurt-Short-Bruza > www.fsb-ae.com > www.oklahomadome.com > > > -----Original Message----- > From: Niki Blowfield - Winnt [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 27, 2003 10:46 AM > To: NT 2000 Discussions > Subject: Repeated attempts to log into IIS > > Hi > > We have an IIS4 server on our private LAN, port 80 traffic is > forwared to it from the firewall as it is our OWA server, it > is also our MS Proxy Server > > Its been used as an anonymous proxy from unauthorised users > based externally despite me trying a number of things to stop > this as advised from some kind soul on one of the MS newsgroups > > Instead, I've moved proxy server to another server, although > the 1st server will remain as our OWA server > > Today, I've noticed hundreds of failed attempts to log into > this server, which if you try to connect to it, just displays > the generic IIS4 sample website. > > With the addition of the \exchange subdirectory, you > obviously get the OWA log in > > I assume this is a consequence of the machines use as an > anonymous proxy, but its a little disconcerting to be honest. > I'm happy the machine is patched, and I don't think anything > could be done if someone guessed a domain user login/password > > Can anyone advise if theres anything else I should be doing > or be particularly concerned about? > > Thanks a lot > > Nik > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
