RE: Kinda OT: OWA and SSL
Sure. You know, like freedom fries, waa laa etc.. Well, it seemed funnier after a few glasses of wine. :| -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley Sent: Friday, June 13, 2003 11:09 PM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL Waa Laa? Would that be the Anglicization of voila? Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy David Sent: Friday, June 13, 2003 5:06 PM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL We typically copy the certification path to the web server, create a link on the page to the path and let the clients install the path from there. Waa Laa. No more annoying pop-up box. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of deji Sent: Friday, June 13, 2003 7:42 PM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL While I agree that 3rd-party certs are easier to install/manage, I would strongly disagree with your assertion that homegrown certs can not be made trusted. That is really not true at all. If you have your CA setup correctly (no easy task, mind you), homebrews or imports taste the same to your clients. Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Friday, June 13, 2003 7:40 AM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL Both will work. What you get with a third party cert is the assertion that the server to which your clients are connecting is truly part of your domain (i.e. traffic isn't being hijacked to a rogue server in order to steal passwords, etc.) With a cert from a homegrown server, your users will always get a message when they connect to your OWA server that the cert cannot be verified. The server is effectively saying give me your password, please. You can trust me because I say I can be trusted. Here's proof that I generated that says I can be trusted. Users can be trained to ignore the cert error. In my opinion it's not as clean of an implementation and the $700 for a third party cert is justified. * * Erik Sojka, MOS, MCSE * * Asst. VP, Technology Services * * [EMAIL PROTECTED] * * -Original Message- From: Scott Force [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 10:32 AM To: Exchange Discussions I've setup OWA (5.5/6a) and I now want to secure it with SSL. I have a stand alone 2000 server where IIS and OWA are installed in an NT 4.0 domain. Do I have to install Certificate Services on the 2000 server or can I use one from a third party (ie VeriSign) vendor? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Kinda OT: OWA and SSL
Andy was PWI last night. -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Saturday, June 14, 2003 6:57 AM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL Sure. You know, like freedom fries, waa laa etc.. Well, it seemed funnier after a few glasses of wine. :| -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley Sent: Friday, June 13, 2003 11:09 PM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL Waa Laa? Would that be the Anglicization of voila? Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!(tm) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy David Sent: Friday, June 13, 2003 5:06 PM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL We typically copy the certification path to the web server, create a link on the page to the path and let the clients install the path from there. Waa Laa. No more annoying pop-up box. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of deji Sent: Friday, June 13, 2003 7:42 PM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL While I agree that 3rd-party certs are easier to install/manage, I would strongly disagree with your assertion that homegrown certs can not be made trusted. That is really not true at all. If you have your CA setup correctly (no easy task, mind you), homebrews or imports taste the same to your clients. Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Friday, June 13, 2003 7:40 AM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL Both will work. What you get with a third party cert is the assertion that the server to which your clients are connecting is truly part of your domain (i.e. traffic isn't being hijacked to a rogue server in order to steal passwords, etc.) With a cert from a homegrown server, your users will always get a message when they connect to your OWA server that the cert cannot be verified. The server is effectively saying give me your password, please. You can trust me because I say I can be trusted. Here's proof that I generated that says I can be trusted. Users can be trained to ignore the cert error. In my opinion it's not as clean of an implementation and the $700 for a third party cert is justified. * * Erik Sojka, MOS, MCSE * * Asst. VP, Technology Services * * [EMAIL PROTECTED] * * -Original Message- From: Scott Force [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 10:32 AM To: Exchange Discussions I've setup OWA (5.5/6a) and I now want to secure it with SSL. I have a stand alone 2000 server where IIS and OWA are installed in an NT 4.0 domain. Do I have to install Certificate Services on the 2000 server or can I use one from a third party (ie VeriSign) vendor? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface
RE: Kinda OT: OWA and SSL
Everything usually does. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy David Sent: Saturday, June 14, 2003 6:57 AM To: Exchange Discussions Sure. You know, like freedom fries, waa laa etc.. Well, it seemed funnier after a few glasses of wine. :| -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley Sent: Friday, June 13, 2003 11:09 PM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL Waa Laa? Would that be the Anglicization of voila? Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy David Sent: Friday, June 13, 2003 5:06 PM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL We typically copy the certification path to the web server, create a link on the page to the path and let the clients install the path from there. Waa Laa. No more annoying pop-up box. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of deji Sent: Friday, June 13, 2003 7:42 PM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL While I agree that 3rd-party certs are easier to install/manage, I would strongly disagree with your assertion that homegrown certs can not be made trusted. That is really not true at all. If you have your CA setup correctly (no easy task, mind you), homebrews or imports taste the same to your clients. Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Friday, June 13, 2003 7:40 AM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL Both will work. What you get with a third party cert is the assertion that the server to which your clients are connecting is truly part of your domain (i.e. traffic isn't being hijacked to a rogue server in order to steal passwords, etc.) With a cert from a homegrown server, your users will always get a message when they connect to your OWA server that the cert cannot be verified. The server is effectively saying give me your password, please. You can trust me because I say I can be trusted. Here's proof that I generated that says I can be trusted. Users can be trained to ignore the cert error. In my opinion it's not as clean of an implementation and the $700 for a third party cert is justified. * * Erik Sojka, MOS, MCSE * * Asst. VP, Technology Services * * [EMAIL PROTECTED] * * -Original Message- From: Scott Force [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 10:32 AM To: Exchange Discussions I've setup OWA (5.5/6a) and I now want to secure it with SSL. I have a stand alone 2000 server where IIS and OWA are installed in an NT 4.0 domain. Do I have to install Certificate Services on the 2000 server or can I use one from a third party (ie VeriSign) vendor? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http
Re: Kinda OT: OWA and SSL
Either. - Original Message - From: Scott Force [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Friday, June 13, 2003 10:31 AM Subject: Kinda OT: OWA and SSL I've setup OWA (5.5/6a) and I now want to secure it with SSL. I have a stand alone 2000 server where IIS and OWA are installed in an NT 4.0 domain. Do I have to install Certificate Services on the 2000 server or can I use one from a third party (ie VeriSign) vendor? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Kinda OT: OWA and SSL
In the ether? -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 8:35 AM To: Exchange Discussions Either. - Original Message - From: Scott Force [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Friday, June 13, 2003 10:31 AM Subject: Kinda OT: OWA and SSL I've setup OWA (5.5/6a) and I now want to secure it with SSL. I have a stand alone 2000 server where IIS and OWA are installed in an NT 4.0 domain. Do I have to install Certificate Services on the 2000 server or can I use one from a third party (ie VeriSign) vendor? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Kinda OT: OWA and SSL
Both will work. What you get with a third party cert is the assertion that the server to which your clients are connecting is truly part of your domain (i.e. traffic isn't being hijacked to a rogue server in order to steal passwords, etc.) With a cert from a homegrown server, your users will always get a message when they connect to your OWA server that the cert cannot be verified. The server is effectively saying give me your password, please. You can trust me because I say I can be trusted. Here's proof that I generated that says I can be trusted. Users can be trained to ignore the cert error. In my opinion it's not as clean of an implementation and the $700 for a third party cert is justified. * * Erik Sojka, MOS, MCSE * * Asst. VP, Technology Services * * [EMAIL PROTECTED] * * -Original Message- From: Scott Force [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 10:32 AM To: Exchange Discussions I've setup OWA (5.5/6a) and I now want to secure it with SSL. I have a stand alone 2000 server where IIS and OWA are installed in an NT 4.0 domain. Do I have to install Certificate Services on the 2000 server or can I use one from a third party (ie VeriSign) vendor? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Kinda OT: OWA and SSL
FWIW we use Geotrust certs from rackshack.net - no idea how they can do it but they're $39 and work just fine and do up to 128bit. As I see it certs do two things, encrypt, and prove you are who you claim to be, and to me the extra that Verisign and the likes cost isn't worth it for what you gain. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Scott Force [mailto:[EMAIL PROTECTED] Sent: 13 June 2003 15:32 To: Exchange Discussions Subject: Kinda OT: OWA and SSL I've setup OWA (5.5/6a) and I now want to secure it with SSL. I have a stand alone 2000 server where IIS and OWA are installed in an NT 4.0 domain. Do I have to install Certificate Services on the 2000 server or can I use one from a third party (ie VeriSign) vendor? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Kinda OT: OWA and SSL
I don't know how a cert needs to cost more than $39, or even that much for that matter. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Hutchings Sent: Friday, June 13, 2003 9:36 AM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL FWIW we use Geotrust certs from rackshack.net - no idea how they can do it but they're $39 and work just fine and do up to 128bit. As I see it certs do two things, encrypt, and prove you are who you claim to be, and to me the extra that Verisign and the likes cost isn't worth it for what you gain. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Scott Force [mailto:[EMAIL PROTECTED] Sent: 13 June 2003 15:32 To: Exchange Discussions Subject: Kinda OT: OWA and SSL I've setup OWA (5.5/6a) and I now want to secure it with SSL. I have a stand alone 2000 server where IIS and OWA are installed in an NT 4.0 domain. Do I have to install Certificate Services on the 2000 server or can I use one from a third party (ie VeriSign) vendor? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Kinda OT: OWA and SSL
We use our own certs for OWA. Since its just our employees hitting that site (well lets say its our employees that should be hitting that site), Im not so concerned that we are not endorsed by a 3rd party. We prefer to pay the $700 (to Verisign) for the cert and use it on our truly public sites. Hope that helps. -Original Message- From: Scott Force [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 7:32 AM To: Exchange Discussions Subject: Kinda OT: OWA and SSL I've setup OWA (5.5/6a) and I now want to secure it with SSL. I have a stand alone 2000 server where IIS and OWA are installed in an NT 4.0 domain. Do I have to install Certificate Services on the 2000 server or can I use one from a third party (ie VeriSign) vendor? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Kinda OT: OWA and SSL
Thanks for the input...something for me to investigate -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 9:36 AM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL FWIW we use Geotrust certs from rackshack.net - no idea how they can do it but they're $39 and work just fine and do up to 128bit. As I see it certs do two things, encrypt, and prove you are who you claim to be, and to me the extra that Verisign and the likes cost isn't worth it for what you gain. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] -Original Message- From: Scott Force [mailto:[EMAIL PROTECTED] Sent: 13 June 2003 15:32 To: Exchange Discussions Subject: Kinda OT: OWA and SSL I've setup OWA (5.5/6a) and I now want to secure it with SSL. I have a stand alone 2000 server where IIS and OWA are installed in an NT 4.0 domain. Do I have to install Certificate Services on the 2000 server or can I use one from a third party (ie VeriSign) vendor? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Kinda OT: OWA and SSL
While I agree that 3rd-party certs are easier to install/manage, I would strongly disagree with your assertion that homegrown certs can not be made trusted. That is really not true at all. If you have your CA setup correctly (no easy task, mind you), homebrews or imports taste the same to your clients. Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Friday, June 13, 2003 7:40 AM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL Both will work. What you get with a third party cert is the assertion that the server to which your clients are connecting is truly part of your domain (i.e. traffic isn't being hijacked to a rogue server in order to steal passwords, etc.) With a cert from a homegrown server, your users will always get a message when they connect to your OWA server that the cert cannot be verified. The server is effectively saying give me your password, please. You can trust me because I say I can be trusted. Here's proof that I generated that says I can be trusted. Users can be trained to ignore the cert error. In my opinion it's not as clean of an implementation and the $700 for a third party cert is justified. * * Erik Sojka, MOS, MCSE * * Asst. VP, Technology Services * * [EMAIL PROTECTED] * * -Original Message- From: Scott Force [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 10:32 AM To: Exchange Discussions I've setup OWA (5.5/6a) and I now want to secure it with SSL. I have a stand alone 2000 server where IIS and OWA are installed in an NT 4.0 domain. Do I have to install Certificate Services on the 2000 server or can I use one from a third party (ie VeriSign) vendor? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Kinda OT: OWA and SSL
We typically copy the certification path to the web server, create a link on the page to the path and let the clients install the path from there. Waa Laa. No more annoying pop-up box. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of deji Sent: Friday, June 13, 2003 7:42 PM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL While I agree that 3rd-party certs are easier to install/manage, I would strongly disagree with your assertion that homegrown certs can not be made trusted. That is really not true at all. If you have your CA setup correctly (no easy task, mind you), homebrews or imports taste the same to your clients. Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Friday, June 13, 2003 7:40 AM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL Both will work. What you get with a third party cert is the assertion that the server to which your clients are connecting is truly part of your domain (i.e. traffic isn't being hijacked to a rogue server in order to steal passwords, etc.) With a cert from a homegrown server, your users will always get a message when they connect to your OWA server that the cert cannot be verified. The server is effectively saying give me your password, please. You can trust me because I say I can be trusted. Here's proof that I generated that says I can be trusted. Users can be trained to ignore the cert error. In my opinion it's not as clean of an implementation and the $700 for a third party cert is justified. * * Erik Sojka, MOS, MCSE * * Asst. VP, Technology Services * * [EMAIL PROTECTED] * * -Original Message- From: Scott Force [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 10:32 AM To: Exchange Discussions I've setup OWA (5.5/6a) and I now want to secure it with SSL. I have a stand alone 2000 server where IIS and OWA are installed in an NT 4.0 domain. Do I have to install Certificate Services on the 2000 server or can I use one from a third party (ie VeriSign) vendor? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Kinda OT: OWA and SSL
Waa Laa? Would that be the Anglicization of voila? Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy David Sent: Friday, June 13, 2003 5:06 PM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL We typically copy the certification path to the web server, create a link on the page to the path and let the clients install the path from there. Waa Laa. No more annoying pop-up box. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of deji Sent: Friday, June 13, 2003 7:42 PM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL While I agree that 3rd-party certs are easier to install/manage, I would strongly disagree with your assertion that homegrown certs can not be made trusted. That is really not true at all. If you have your CA setup correctly (no easy task, mind you), homebrews or imports taste the same to your clients. Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Friday, June 13, 2003 7:40 AM To: Exchange Discussions Subject: RE: Kinda OT: OWA and SSL Both will work. What you get with a third party cert is the assertion that the server to which your clients are connecting is truly part of your domain (i.e. traffic isn't being hijacked to a rogue server in order to steal passwords, etc.) With a cert from a homegrown server, your users will always get a message when they connect to your OWA server that the cert cannot be verified. The server is effectively saying give me your password, please. You can trust me because I say I can be trusted. Here's proof that I generated that says I can be trusted. Users can be trained to ignore the cert error. In my opinion it's not as clean of an implementation and the $700 for a third party cert is justified. * * Erik Sojka, MOS, MCSE * * Asst. VP, Technology Services * * [EMAIL PROTECTED] * * -Original Message- From: Scott Force [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 10:32 AM To: Exchange Discussions I've setup OWA (5.5/6a) and I now want to secure it with SSL. I have a stand alone 2000 server where IIS and OWA are installed in an NT 4.0 domain. Do I have to install Certificate Services on the 2000 server or can I use one from a third party (ie VeriSign) vendor? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]