Re: Certs for SSL



Thanks for the reply.

The thing is the clients and the webserver have no common system directory.
They both exist in separate forests with no trust between.

If I was to use Basic Authentication, wouldn't I need to create local
accounts on the webserver? Also, you mentioned the firewall would have no
influence on basic authentication, is this because it is in clear text? Or
would the firewall have no influence on any type of IIS authentication
methods?

Thanks

"Miha Pihler [MVP]" wrote:

> Hi,
>
> You can use Basic Authentication, but you have to know that it transfers
> username and password in clear text. Firewall does not have any influence on
> this type of authentication.
> Since username and password are sent in clear text this is a good solution
> in combination with SSL that will encrypt the communication including
> username and password that is sent from client to server.
>
> In this case you would only have to install a certificate on server where
> IIS is. If the server does not have access to the internet then you can
> transfer all files that you need to do a request and installation of
> VeriSign certificate on floppy, USB key or any other media, ...
>
> Let us know if you need any further help on this.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
>
> "rui" <rui@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:96316068-EB2C-4A9D-BF40-93D4FBB81B50@xxxxxxxxxxxxxxxx
> > Hi,
> >
> > I want to transfer files via http from a web server to an xp client. I want
> > to ensure the integrity of the HTTP transfer and I also need clients to
> > authenticate, but they cannot use kerberos, ntlm etc. as there is a firewall
> > between the server and client which only allows port 80 and 443.
> >
> > So I am thinking of using SSL, with a cert on the web server with certs on the
> > clients too. The thing is I have no CA and these machines cannot access the
> > internet. How can I use certs on these machines? If I get certs from VeriSign,
> > wouldn't I also need the root CA too or put the cert into the trusted CA
> > list?
> >
> > Thanks
> >
>
>
>
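
What "clear text" means for Basic authentication, as an added example that is not part of the original thread: the `Authorization` header is only base64-encoded, so anything on the path can decode it unless the request travels inside SSL. The record layout, host name and accounts below are constructed assumptions.

```python
import base64


def decode_basic(header_value):
    """Return (username, password) from an Authorization header value, else None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        # binascii.Error and UnicodeDecodeError are both ValueError subclasses.
        text = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:
        return None
    # Only the first colon separates the fields; the password may contain more.
    user, sep, password = text.partition(":")
    return (user, password) if sep else None


def exposed_credentials(requests):
    """List (url, username) for requests that carried Basic credentials without TLS."""
    exposed = []
    for req in requests:
        creds = decode_basic(req["headers"].get("Authorization", ""))
        if creds and not req["url"].lower().startswith("https://"):
            exposed.append((req["url"], creds[0]))
    return exposed


# Constructed sample records (hypothetical host and accounts), not real traffic.
SAMPLE = [
    {"url": "http://files.example.test/data.zip",
     "headers": {"Authorization": "Basic YWxpY2U6c2VjcmV0"}},      # alice:secret
    {"url": "https://files.example.test/data.zip",
     "headers": {"Authorization": "Basic Ym9iOnBhOnNz"}},          # bob:pa:ss
    {"url": "http://files.example.test/readme.txt", "headers": {}},
    {"url": "http://files.example.test/x",
     "headers": {"Authorization": "Basic not-base64!"}},           # malformed
]

if __name__ == "__main__":
    for url, user in exposed_credentials(SAMPLE):
        print(f"Basic credentials for {user!r} sent without TLS: {url}")
```

Run over proxy or web server request records, the same check shows which clients are still sending Basic credentials to the port 80 listener instead of 443.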