Re: certificates and OWA

From: John McCoy (itsme109@hotmail.com)
Date: 10/28/02 

From: "John McCoy" <itsme109@hotmail.com>
Date: Sun, 27 Oct 2002 22:44:49 -0500

https://mail.mccoys.ws/exchange

username john
no pw

"David Cross [MS]" <dcross@online.microsoft.com> wrote in message
news:uHkmU2gfCHA.2532@tkmsftngp09...
> sure - send me the URL
>
> --
>
>
> David B. Cross [MS]
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> http://support.microsoft.com
>
> "John McCoy" <itsme109@hotmail.com> wrote in message
> news:urlmv8o0a9da0e@corp.supernews.com...
> > I am assuming you mean the web certificate I created? I am trying to
> install
> > it when the prompt comes up for the certificate. I do attempt to in
stall
> it
> > and point it to the root but it never installs. It tells me it is not
> > trusted. see a red mark on the certificate. Inside the domain everything
> > looks good so it appears that is seeing a certificate it can't verify.
> >
> > I do install it in the root but it never actually puts it there. If you
> can
> > I'll give you the web address and you can look at it.
> >
> > Thanks
> > John
> >
> > "David Cross [MS]" <dcross@online.microsoft.com> wrote in message
> > news:OdboCPQfCHA.1756@tkmsftngp12...
> > > Have you installed the root certificate on the outslide client win98
> > > machines?
> > >
> > > I suspect that is the problem and not the CRL.
> > >
> > > --
> > >
> > >
> > > David B. Cross [MS]
> > >
> > > --
> > > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> > >
> > > http://support.microsoft.com
> > >
> > > "John McCoy" <itsme109@hotmail.com> wrote in message
> > > news:urju5jdgo9r27a@corp.supernews.com...
> > > > Hi, this is the issue I am having. Internally all clients work very
> > well.
> > > > Outside it is saying the certificate is issued by a company I have
not
> > > > chosen to trust. In windows 98 it complains of the CRL. I published
> the
> > > crl
> > > > in the store. I install the certificate and even put it in the
trusted
> > > store
> > > > and it isn't installed. When looking at the certificate it says it
> can't
> > > be
> > > > verified to a trusted CA so going backwards it is missing something.
> > > >
> > > > It seems to be the way I am installing the certificate on the web
> > server.
> > > Is
> > > > there a good doc on the right way? That is one issue and perhaps the
> way
> > I
> > > > am setting up the CRL. I am very close here just need to fix these
two
> > > > things.
> > > >
> > > > Thanks
> > > >
> > > > John
> > > >
> > > > "David Cross [MS]" <dcross@online.microsoft.com> wrote in message
> > > > news:uNryymCfCHA.2556@tkmsftngp08...
> > > > > Is the root CA trusted on all the clients? if the machines are
not
> > > > attached
> > > > > to the domain or are Windows 9.x machines, you will need to have
the
> > > root
> > > > CA
> > > > > iinstalled/trusted on all clients that hit the OWA SSL web site.
IE
> > > does
> > > > > not check the CRL by default.
> > > > >
> > > > > --
> > > > >
> > > > >
> > > > > David B. Cross [MS]
> > > > >
> > > > > --
> > > > > This posting is provided "AS IS" with no warranties, and confers
no
> > > > rights.
> > > > >
> > > > > http://support.microsoft.com
> > > > >
> > > > > "John McCoy" <jmccoy@cmatech.com> wrote in message
> > > > > news:Ox0c6N3eCHA.2636@tkmsftngp11...
> > > > > > Thanks, the problem I think is that th;L1%ient (OWA) can't
access
> > the
> > > > CRL.
> > > > > > From what I have read I believe I need to create a domain policy
> > which
> > > I
> > > > > am
> > > > > > trying to create one but when I open the store to digitally sign
> it
> > > the
> > > > > > store is empty.
> > > > > >
> > > > > > I have a root CA and a sub CA and am using AD. Shouldn't I be
able
> > to
> > > > see
> > > > > > all the certificates issued on both machines?
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > >
> > > > > > "Chris Gilbert" <Chris.Gilbert@Consignia.com> wrote in message
> > > > > > news:3db7b1ab@RGINF-S02.research-group.co.uk...
> > > > > > >
> > > > > > > John Mccoy wrote
> > > > > > >
> > > > > > > > When a user goes to the site https://mydomain/exchange they
> are
> > > > > prompted
> > > > > > > for
> > > > > > > > the certificate. If I am running Win2K it says the
certificate
> > > > cannot
> > > > > be
> > > > > > > > verified to the certificate authority. I windows98 it says
it
> > > can't
> > > > > find
> > > > > > > or
> > > > > > > > verify the certificate revocation list.
> > > > > > >
> > > > > > > For SSL to work, the client and the server must share a common
> > root
> > > > > > > of trust. This can acheived a number of ways. Your client and
> > server
> > > > > cert
> > > > > > > could have been issued by the same authority; your client and
> > server
> > > > > > > certs could have been issued by different authorities but
which
> > > share
> > > > a
> > > > > > > trust relationship through cross-certification; You can accept
> the
> > > > trust
> > > > > > of
> > > > > > > the server cert on connection; You can deploy the server cert
> > issuer
> > > > > root
> > > > > > > CA cert in the client. It's probably the last option that you
> need
> > > > here.
> > > > > > >
> > > > > > > CRL checking must be enabled in your email client. MS does not
> > > deploy
> > > > > > > with it active by default. Also, your client certificates must
> be
> > > > > deployed
> > > > > > > with an active and accessible CRL Distribution Point (CDP)
> value.
> > > > > > >
> > > > > > > Chris
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: New Event Log Errors!
    ... Somehow along those lines I'd also installed the Certificate Authority ... Did you apply the last Server Pack for SBS Server? ... Please install Windows Support Tools on the win2k3 sp1 problematic ... Microsoft is providing this information only as a convenience to you: ...
    (microsoft.public.windows.server.sbs)
  • Re: PKI Question -- Moving CA to New Hardware
    ... I've had to import the certificate chain on subodinate ... It doesn't - the connection between the root and subordinate CAs is the CA ... server, and often do not require access to the servers. ... proceed with the upgrade at any time. ...
    (microsoft.public.security)
  • Re: Terminal Services over a VPN
    ... Create a certificate request and submit it to godaddy in order to obtain a public cert. ... You can use the wizard in IIS Manager for this by creating a new website that matches the above name (on your TS server), right-click and choose properties, directory security tab, server certificate button. ... After the install you can stop or delete the website created above since you don't need it for anything. ...
    (microsoft.public.windows.terminal_services)
  • Re: Outlook RPC over HTTp deosnt work
    ... Go to remote web workplace (or Outlook Web Access), accept the certificate prompt, 'view', and 'install' the certificate - accepting all the defaults. ... > when you try to use RPC over HTTP to connect the Exchange Server. ...
    (microsoft.public.windows.server.sbs)
  • Re: Cant disable "Trusted" for Certificates Issued by MS Certificate Server
    ... > The certificate for the root CA (the one that is being used by the MS ... > Certificate Server) was created when I installed MS Certificate Server. ... > The next day, when I got the server cert back from the 3rd-party CA, I ...
    (microsoft.public.platformsdk.security)