Re: SSL Encryption

From: William Stacey [MVP] (staceywREMOVE_at_mvps.org)
Date: 02/10/05 

Date: Thu, 10 Feb 2005 01:23:33 -0500

Using WSE, web services, or just plain old HTTP/HTTPS? 

-- 
William Stacey, MVP
http://mvp.support.microsoft.com
"Russ" <russk2@eticomm.net> wrote in message
news:78fk0117kqjckd5c9i1l0irrtt0pe9cnie@4ax.com...
> Thank you Kevin.  That was the answer - I did not realize that I was
> still connecting with HTTPS, duh!  Anyway that answers my question and
> I have confirmed for myself that the data is encrypted.  Now, if you
> can, I have another question.
>
> In our application we need to have our clients use client
> certificates.  I am able to request certificates to the local
> certificate server via http:\\server\certsrv, and install them and all
> is ok.  But with real clients we do not want to use this mechanism.
> We want to physically give the clients the certificate (on CD), and
> have them use that one.  But I cannot find out how to do this.  How do
> I request a certificate that is not automatically installed and how do
> I find the resulting certificate so I can copy it to disk, and how do
> I get the client's browser to install the certificate from the file.
>
> I have spent a lot of time searching MS documentation and the Internet
> for these answers without any luck, so if you can answer or point me
> to appropriate documentation I would very much appreciate it.
>
> Thank you, Russ
>
> On Tue, 08 Feb 2005 02:00:50 GMT, v-kevy@online.microsoft.com (Kevin
> Yu [MSFT]) wrote:
>
> >Hi Russ,
> >
> >Could you let me know what kind of protocol you're using to access the
> >site, http or https? When Require Secure Channel is disabled, you can
still
> >access the site with SSL encryption by https. Because it means you can
> >access with both http or https when the checkbox is unchecked. But when
it
> >is checked, you can only use https. So using https will always make your
> >contents encrypted.
> >
> >HTH.
> >
> >Kevin Yu
>

Relevant Pages

  • Re: Intermittent SSL connection problems with IIS6 on Windows 2003 R2 SP2
    ... Are you saying that those people who can't view the https default page can always view the http default page, or is it something more than that? ... Some of our clients have no problem using the https version. ... certificate issue, as otherwise no-one would be able to see the site. ... The clients experiencing problems have a mix of operating systems ...
    (microsoft.public.windows.server.general)
  • Re: X509 and SSL
    ... When you enable SSL / HTTPS on a particular folder, ... If you need to authenticate your clients via signatures, ... >>> must i buy one certificate for sign response messages and one ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: SSL Encryption
    ... Thank you Kevin. ... still connecting with HTTPS, duh! ... But with real clients we do not want to use this mechanism. ... We want to physically give the clients the certificate, ...
    (microsoft.public.dotnet.general)
  • IE https certificate attack
    ... A flaw in Microsoft Internet Explorer allows an attacker to perform ... server name with the name stored in the certificate. ... There is a flaw in the way IE checks HTTPS objects that are embedded into ... I don't know the source code of the Internet Explorer I cannot check the ...
    (Bugtraq)
  • Re: IE https certificate attack
    ... How non-interactive ssl clients in EAI and web services software handle ... Subject: IE https certificate attack ...
    (Vuln-Dev)