Re: OWA, SSL and Certificate question.

From: Jan Suralertrungsri [MSFT] (jansur_at_online.microsoft.com)
Date: 05/19/04


Date: Wed, 19 May 2004 21:13:58 GMT

Hello,

It is true that when you are using your own CA to publish the cert, you
will have to get your client to trust your root CA in order to avoid such a
security alert. Most 3rd party certs are trusted by most of the browsers
by default.

Jan Suralertrungsri (MSFT)

--
Get Secure! - www.microsoft.com/security
--
When responding to posts, please "Reply to Group" via your newsreader so 
that others may learn and benefit from your issue.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "Baris Eris [MS]" <barise@online.microsoft.com>
>Subject: Re: OWA, SSL and Certificate question.
>Date: Tue, 18 May 2004 20:42:22 -0700
>
>Chris, all web browsers trust certain Cert Authorities by default. You 
>can review these from your Internet Explorer / Tools / Internet Options / 
>Content / Publishers / Trusted Root Cert Auths tab.
>
>Now, obviously your own cert auth is not registered here. If you have a 
>controlled client base and if you can modify their trust roots on all of 
>them, you can make it work such that it won't pop up that way.
>
>That's why Verisign and others are charging you -- they're already trusted 
>by everyone, so when you want to publish an SSL web site, you buy a cert 
>from such authorities and ease the deployment challenge.
>
>Hope this clarifies why it's happening. In most cases buying the cert (few 
>hundred $ per year) is cheaper than maintaining your own CA, assuming you 
>have just 1 site.
>
>Baris.
>
>-- 
>This posting is provided "AS IS" with no warranties, and confers no rights.
>
>"Christopher King" <cking@whitneyhawks.com> wrote in message 
>news:%23W$kuBFPEHA.3300@TK2MSFTNGP09.phx.gbl...
>> Hi,
>>
>> I've been testing installations of Exchange 2003 and setting it up to use 
>> SSL, using the exchange server itself as the certificate authority. 
>> Functionally it works perfectly well, but there is a part that I am 
>> guessing I'm doing wrong:
>>
>> Every time a user goes to the URL for the site (using HTTPS) it pops up 
>> the "Security Alert" noting that "the security certificate was issued by a 
>> company you have not chosen to trust. View the certificate to determine 
>> whether you want to trust the certifying authority." It offers YES, NO, 
>> and VIEW CERTIFICATE.
>>
>> Yes loads OWA, No stops the load, and View Cert allows me to inspect and 
>> install the certification. My assumption was that installing the cert 
>> would have some use such as not showing me this alert each time, but I 
>> have yet to have that happen. I am at a loss as to what installing the 
>> cert does then, and how to get this message to not show up. I'd love to 
>> implement it across the enterprise, but not if each time a client hits the 
>> site, they have to approve it.
>>
>> Any help would be appreciated.
>>
>> Tested on IE6, Winxp, Win2000, and Win2003.
>>
>> Thanks,
>>
>> Chris 
>
>
>
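
The trust relationship discussed in this thread, reproduced with the OpenSSL command line as an added example that is not part of the original posts: a private root CA signs a server certificate, and the certificate validates only for a client whose root bundle contains that private root. Every name and file below is a constructed placeholder, and OpenSSL's `verify` stands in for the browser's trust-store check.

```shell
#!/usr/bin/env bash
# Constructed demo; every name below (owa.example.test, the CA names) is a placeholder.

new_root() {   # $1 = output prefix, $2 = CA common name: creates a self-signed root CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

build_demo_pki() {   # $1 = working directory
  local d=$1
  new_root "$d/public" "Example Public CA" || return 1        # stands in for a browser's default roots
  new_root "$d/root" "Example Internal Root CA" || return 1   # the organisation's own CA
  # Key and signing request for the web site, then the internal root signs it.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=owa.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -out "$d/server.crt" 2>/dev/null
}

verify_with_roots() {   # $1 = client's root bundle, $2 = certificate presented by the server
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

demo_dir=$(mktemp -d)
build_demo_pki "$demo_dir" || { echo "openssl failed" >&2; exit 1; }
echo "default roots only:        $(verify_with_roots "$demo_dir/public.crt" "$demo_dir/server.crt")"
echo "internal root added:       $(verify_with_roots "$demo_dir/root.crt" "$demo_dir/server.crt")"
# OpenSSL's default: a non-root certificate placed in the bundle is not a trust anchor.
echo "server cert only in store: $(verify_with_roots "$demo_dir/server.crt" "$demo_dir/server.crt")"
rm -rf "$demo_dir"
```

The third line of output reflects OpenSSL's default chain building only; it makes no claim about which store Internet Explorer's certificate import wizard selects.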

