Re: MS: David Cross

From: S. Pidgorny [MVP] (slavickp@yahoo.com)
Date: 11/29/02


From: "S. Pidgorny [MVP]" <slavickp@yahoo.com>
Date: Sat, 30 Nov 2002 00:19:36 +1100

So it works? Cool. I haven't tried myself (one of 10000 things to do) but I
heard from MSCS about problems. Can you confirm that ISA checks CRL when
doing Web publishing? And - are you using internal CA with CRL distribution
point behind ISA or commercial CA certs?

--
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-
"John McCoy" <itsme109@hotmail.com> wrote in message
news:uudmt8p9ibcgd0@corp.supernews.com...
> This is a pretty good idea also, you can do crl checking even with ISA2000
> we are doing it now.
>
> --
> John McCoy
> "S. Pidgorny [MVP]" <slavickp@yahoo.com> wrote in message
> news:OlNI9BslCHA.2840@tkmsftngp04...
> > It looks like everyone suggests to contact MS with such question?
> >
> > I do have some suggestions:
> >
> > * Certificate distribution: create all certificates inhouse, make private
> > keys exportable, export the cert and send the PFX file to the customer. It
> > is password-protected.
> >
> > An online CA is also acceptable but you need to have a means of verifying
> > customer identity before approving the request. The above approach is easier
> > but not good for mass deployment.
> >
> > * ISA Server and certificate authentication. Trouble, AFAIK. No, it works
> > fine, but the problem is CRL checking. It just doesn't happen. And yes, MSCS
> > do have a solution for that problem already.
> >
> > --
> > Svyatoslav Pidgorny, MS MVP, MCSE
> > -= F1 is the key =-
> >
> > "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
> > news:#4LwvlqlCHA.2224@tkmsftngp02...
> > > Again, I would recommend contacting MSCS. Either they will be able to allay
> > > your concerns or they can float your concerns back to Redmond and get a
> > > satisfactory answer for you. You might possibly get lucky and get the answer
> > > here but in matters of security you should be as careful as you can be.
> > >
> > > --
> > > Joe Richards
> > > www.joeware.net
> > > ---
> > >
> > > "John McCoy" <itsme109@hotmail.com> wrote in message
> > > news:utvqinfrovp500@corp.supernews.com...
> > > > It isn't my site I am thinking of. I just want to make sure when we set up a
> > > > certificate server for outside users to contact it is a secure method. There
> > > > are some concerns about how I planned to do it.
> > > >
> > > > This is for our customers to be in compliance with HIPAA
> > > >
> > > > --
> > > > John McCoy
> > > >
> > > >
> > > > "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
> > > > news:OnCdlZykCHA.2008@tkmsftngp08...
> > > > > I would recommend contacting your local Microsoft office and getting a MSCS
> > > > > Security specialist to visit.
> > > > >
> > > > > --
> > > > > Joe Richards
> > > > > www.joeware.net
> > > > > ---
> > > > >
> > > > > "John McCoy" <itsme109@hotmail.com> wrote in message
> > > > > news:utu0dj97tne95f@corp.supernews.com...
> > > > > > Thank you, I just want to make sure the distribution method we choose is the
> > > > > > most secure one.
> > > > > >
> > > > > > --
> > > > > > John McCoy
> > > > > >
> > > > > >
> > > > > > "Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
> > > > > > news:u2qstZekCHA.348@tkmsftngp12...
> > > > > > > I am fairly sure you can get pricing and phone numbers from
> > > > > > > www.microsoft.com/support.  Look under the section for ISA server [or maybe
> > > > > > > windows 2000 server]
> > > > > > >
> > > > > > > "John McCoy" <jmccoy@cmatech.com> wrote in message
> > > > > > > news:esVI9GakCHA.2276@tkmsftngp12...
> > > > > > > > I would like to call and speak to someone in some greater detail about the
> > > > > > > > best way to distribute certificates to outside users.
> > > > > > > >
> > > > > > > > I plan to use a CA Root for internal users and a standalone sub for
> > > > > > > > external users. We want external users to be issued a certificate to be able
> > > > > > > > to digitally sign and encrypt email and attachments. We are using ISA 2000.
> > > > > > > > The question is, is it a good security practice to expose the standalone sub
> > > > > > > > to issue certificates? We would publish it using ISA 2000.
> > > > > > > >
> > > > > > > > I understand this would be a fee based call.
> > > > > > > >
> > > > > > > > Thanks
> > > > > > > >
> > > > > > > > John McCoy
> > > > > > > > jmccoy@cmatech.com