Re: SSL versus logon

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 09/14/04 

Date: Tue, 14 Sep 2004 16:35:16 +0200

I just remembered how you can test it. Use certificate that your browser
won't trust. Then enter https://mail.domain.com/ and you will first get this
prompt http://freeweb.siol.net/mpihler/certnottrusted.jpg -- this prompt is
asking me, do I really want to use SSL with untrusted certificate. If I
chose yes SSL is established and I get this prompt
http://freeweb.siol.net/mpihler/logon.jpg.

Mike

"Miha Pihler" <mihap-news@atlantis.si> wrote in message
news:uAvWNbmmEHA.1008@TK2MSFTNGP14.phx.gbl...
> Hi,
>
> If you set it up in a manner that I mentioned (Require secure channel),
yes
> SSL will be established first.
>
> You probably don't see the yellow lock because you get this window
first...
> http://freeweb.siol.net/mpihler/logon.jpg
>
> Mike
>
> "Torben Broendum" <anonymous@discussions.microsoft.com> wrote in message
> news:09fa01c49a65$18f154e0$a601280a@phx.gbl...
> > ....even you cannot see the yellow icon (cannot remember
> > the english word for it) when you send the logon
> > informations and the icon first become vissible after the
> > logon procedure?
> >
> > Torben Broendum
> >
> >
> > >-----Original Message-----
> > >If you e.g. enter https:// in your URL and you setup SSL
> > certificate then
> > >SSL is established before username and password is sent.
> > >
> > >What you can do for additional security is
> > enable "Require secure channel
> > >(SSL)". This way IIS server will require any user
> > accessing OWA to use SSL
> > >and will not allow insecure connection. I also usually
> > block any access from
> > >Internet to the server over TCP port 80 and allow only
> > port 443...
> > >
> > >Description of the Secure Sockets Layer (SSL) Handshake
> > >http://support.microsoft.com/default.aspx?scid=kb;EN-
> > US;257591
> > >
> > >Mike
> > >
> > >"Torben Broendum" <anonymous@discussions.microsoft.com>
> > wrote in message
> > >news:09b901c49a62$0a052b80$a601280a@phx.gbl...
> > >> Hi,
> > >>
> > >> On a win2Ksrv I use SSL connecting to OWA. Is the SSL
> > >> connection active at the time when I type the user id
> > and
> > >> user password - or is the mentioned send in clear text.
> > >>
> > >> If the last mentioned is correct - how the to prevent
> > the
> > >> clear text regarding id and password - before the SSL in
> > >> functioning "correct"?
> > >>
> > >> Regards, Torben Broendum
> > >
> > >
> > >.
> > >
>
>

Relevant Pages

  • Re: SSL versus logon
    ... certificate on my win2ksrv and my browser does accept the ... How can I make my certificate "trustet" by the browser - I ... do I really want to use SSL with untrusted ... >chose yes SSL is established and I get this prompt ...
    (microsoft.public.windows.server.general)
  • OWA page cannot be displayed
    ... I went through the steps for creating a certificate so I ... can access OWA over SSL. ... I get the prompt for ...
    (microsoft.public.inetserver.iis.security)
  • OWA page not found
    ... I went through the steps for creating a certificate so I ... can access OWA over SSL. ... I get the prompt for ...
    (microsoft.public.exchange.clients)
  • Re: Proposal for a new PKI model (At least I hope its new)
    ... > Then the world would have no problem trusting your domain level PKI ... coined the term "certificate manufacturing" to distinquish from actual ... it turns out that one of the reasons for the SSL server domain name ...
    (sci.crypt)
  • Re: New Method for Authenticated Public Key Exchange without Digital Certificates
    ... one of the motivating factors for the SSL domain name server ... server certificate, ... Was: PKI International Consortium ...
    (sci.crypt)