Re: wireless lan & computer certificates

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 11/14/03


Date: Fri, 14 Nov 2003 05:43:43 -0800

Yes, you could require that the IAS or IIS server require client
authentication certs ... that way only clients with certs from your CA can
access it.

One example: Step by Step Guide to Certificate Mapping:
http://www.microsoft.com/windows2000/techinfo/planning/security/mappingcerts.asp

This can also be done with wireless, RAS, VPN server, etc.

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"Dave Taylor" <Dave.Taylor@work.com> wrote in message
news:3fb39865$1@eumel.hag.hilti.com...
> Thanks for the links, David.
>
> Moving the goalpost slightly ...  If we had a publicly accessible SSL server -
> but we want to restrict its access to only computers that have a computer
> certificate given from our CA ...  would there be a recommended 'best
> practice' for this ?
>
> eg if I am using my company laptop (with a computer cert), I should be able
> to access https://company.domain.com (from any valid internet ip address)
>
> but if I went to an internet cafe, and typed the same https address, I
> shouldn't be allowed to connect.
>
> Any info much appreciated.
>
> Dave
>
>
> "David Cross [MS]" <dcross@online.microsoft.com> wrote in message
> news:u5OYq$RqDHA.708@TK2MSFTNGP10.phx.gbl...
> > yes, it is called PEAP and there are several docs available that discuss
> > this:
> >
> > http://www.microsoft.com/downloads/details.aspx?FamilyID=0f7fa9a2-e113-415b-b2a9-b6a3d64c48f5&DisplayLang=en
> >
> > http://www.microsoft.com/downloads/details.aspx?FamilyID=cdb639b3-010b-47e7-b234-a27cda291dad&DisplayLang=en
> >
> > -- 
> > David B. Cross [MS]
> > --
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> > http://support.microsoft.com
> >
> > "Dave Taylor" <Dave.Taylor@work.com> wrote in message
> > news:3fb1e970$1@eumel.hag.hilti.com...
> > > Hi all,
> > >
> > > We are looking at wireless technology at the moment.  Obviously, security
> > > is the big concern.
> > >
> > > Does anyone know of a method for us to set up a wireless technology that
> > > makes use of our internal m/s PKI - but NOT by using the user certificates
> > > (ie smartcards), but computer certificates ?
> > >
> > > What we want is to only allow computers that have a valid company computer
> > > certificate to be allowed to 'get a login prompt' to our wireless network.
> > >
> > > Is this do-able ?
> > >
> > > Thanks for any help,
> > >
> > > Dave
> >
> >
>
>
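
The trust decision behind "only clients with certs from your CA can access it", as an added example that is not part of the original thread. It assumes the `openssl` command line as a stand-in for the Microsoft CA and the IIS/IAS check; every key, certificate and host name is constructed for the demo.

```shell
#!/bin/sh
# Added example. All keys, certificates and names are constructed here;
# the openssl CLI stands in for the Microsoft CA and the IIS/IAS check.

# make_pki DIR: create a company CA, a computer cert issued by it, and a
# self-signed cert playing a machine that was never enrolled.
make_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Example Company CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=laptop01.example.test" \
        -keyout "$d/laptop.key" -out "$d/laptop.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/laptop.csr" -days 2 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/laptop.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=cafe-pc.example.test" \
        -keyout "$d/cafe.key" -out "$d/cafe.pem" 2>/dev/null
}

# admit CAFILE CERT: the server-side decision. Succeeds only when CERT
# chains to CAFILE, the only trust anchor the server is given.
admit() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo run: the enrolled laptop is accepted, the unenrolled machine is not.
demo_dir=$(mktemp -d)
make_pki "$demo_dir"
for host in laptop cafe; do
    if admit "$demo_dir/ca.pem" "$demo_dir/$host.pem"; then
        echo "$host: certificate accepted"
    else
        echo "$host: certificate rejected"
    fi
done
```

This checks chain trust only; `openssl verify` does not consult a CRL unless told to, so rejecting a lost laptop's certificate also needs revocation checking enabled on the server.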

