Re: SSL Encryption

From: Russ (russk2_at_eticomm.net)
Date: 02/09/05 

Date: Wed, 09 Feb 2005 11:49:34 -0500

Thank you Kevin. That was the answer - I did not realize that I was
still connecting with HTTPS, duh! Anyway that answers my question and
I have confirmed for myself that the data is encrypted. Now, if you
can, I have another question.

In our application we need to have our clients use client
certificates. I am able to request certificates to the local
certificate server via http:\\server\certsrv, and install them and all
is ok. But with real clients we do not want to use this mechanism.
We want to physically give the clients the certificate (on CD), and
have them use that one. But I cannot find out how to do this. How do
I request a certificate that is not automatically installed and how do
I find the resulting certificate so I can copy it to disk, and how do
I get the client's browser to install the certificate from the file.

I have spent a lot of time searching MS documentation and the Internet
for these answers without any luck, so if you can answer or point me
to appropriate documentation I would very much appreciate it.

Thank you, Russ

On Tue, 08 Feb 2005 02:00:50 GMT, v-kevy@online.microsoft.com (Kevin
Yu [MSFT]) wrote:

>Hi Russ,
>
>Could you let me know what kind of protocol you're using to access the
>site, http or https? When Require Secure Channel is disabled, you can still
>access the site with SSL encryption by https. Because it means you can
>access with both http or https when the checkbox is unchecked. But when it
>is checked, you can only use https. So using https will always make your
>contents encrypted.
>
>HTH.
>
>Kevin Yu

Relevant Pages

  • Re: X509 and SSL
    ... When you enable SSL / HTTPS on a particular folder, ... If you need to authenticate your clients via signatures, ... >>> must i buy one certificate for sign response messages and one ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Intermittent SSL connection problems with IIS6 on Windows 2003 R2 SP2
    ... Are you saying that those people who can't view the https default page can always view the http default page, or is it something more than that? ... Some of our clients have no problem using the https version. ... certificate issue, as otherwise no-one would be able to see the site. ... The clients experiencing problems have a mix of operating systems ...
    (microsoft.public.windows.server.general)
  • Re: SSL and redirect
    ... Kevin, ... I pretty much locked down applications to https only, ... Any information that you found about using SSL would ... > that seems to favor the Web Server Certificate Wizard ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: SSL Encryption
    ... > still connecting with HTTPS, ... But with real clients we do not want to use this mechanism. ... > We want to physically give the clients the certificate, ... > Thank you, Russ ...
    (microsoft.public.dotnet.general)
  • IE https certificate attack
    ... A flaw in Microsoft Internet Explorer allows an attacker to perform ... server name with the name stored in the certificate. ... There is a flaw in the way IE checks HTTPS objects that are embedded into ... I don't know the source code of the Internet Explorer I cannot check the ...
    (Bugtraq)
Quantcast