Re: Securing OWA with SSL.
From: Not Much (imanidiot111_at_hotmail.com)
Date: 05/21/03
- Previous message: Tom Kaminski [MVP]: "Re: IIS Version"
- In reply to: David Cross [MS]: "Re: Securing OWA with SSL."
- Next in thread: Joseph Steinberg: "Re: Securing OWA with SSL."
Date: 21 May 2003 07:23:48 -0700
I use client certificates with Windows 2000 sp3 /Exchange 2000 sp3 OWA
with no problems. I've got it configured to require 128 bit SSL. So,
in order to get to OWA, a user has to use https, the browser has to be
128 bit, and they must present a pre-installed certificate, and even
after they pass all that, they still have to type in their domain
username and password. I'm not doing the client certificate mapping
though, so that even after presenting the certificate, the client
still has to log in as normal.
It's a great security measure, but I have also run into the problem of
users wanting to use OWA from hotel computers as well as computers at
other companies. Not a whole lot of web cafes here though. But it
does irk those users who either don't want to buy a laptop (my company
only pays for half), or don't want to carry one around.
"David Cross [MS]" <dcross@online.microsoft.com> wrote in message news:<#5lYGLjFDHA.1840@TK2MSFTNGP10.phx.gbl>...
> Couple of issues here. With IE 6 SP1, you need to apply Q323172 on both the
> client and the CA.
>
> Second item - OWA does not support SSL with client authentication
> certificates - not on Windows 2000 with Exchange 2000. This may be
> available with a future release. You can use SSL server certificates however
> and this is a good practice.
>
> --
>
>
> David B. Cross [MS]
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> http://support.microsoft.com
>
> "MikeM" <nospam@me.com> wrote in message
> news:epdAyHMFDHA.2800@tk2msftngp13.phx.gbl...
> > Server platform is NT 4.0 sp6a, Exchange 5.5 sp4, Certificate Server 1.0.
> > IIS 4.0
> > I am trying to secure my OWA server. The issue is we started having users
> > use web cafés to check their email using OWA. This seems to be something
> > that we cannot stop. Kind of like closing Pandora's box after it has been
> > opened. It was suggested to us that we use SSL to encrypt the traffic. I am
> > not 100% sure which Client Certificate Authentication method to use. Since
> > the users will be in web cafés to use this would it be to our advantage in
> > setting Client Certificates at all? One issue I ran into when on my test
> > server was when a client tries to use the certificate enrollment webpage on
> > the Certificate Server it doesn't work with IE 6.0 sp1. It works fine with
> > IE 5.x. I did find a browscap.ini update that has IE 6.0 but not sure if
> > this file is the same for IE 6.0sp1. My question is really if the users are
> > using these web cafés to collect their mail via OWA do we need the Client
> > Certificate Authentication at all?
> >
> >