Certificate authority

on 10.04.2007 22:08:06 by JiminCleveland

I'm trying to implement the Change Password feature with Outlook Web Access
(Q297121). I followed the procedure documented in Q228821 about generating a
Certificate Request file. I created the file but now it says I have to
submit this file to a Certificate Authority. Where do I find one to submit
this file to? Or, can I generate my own Certificate using Certificate
Services (which is currently not loaded)? Is there something within Windows
that would allow me to do all this right here on this server? Please advise.

Jim

Re: Certificate authority

on 12.04.2007 05:30:48 by Ken Schaefer

You can install Microsoft Certificate Services, submit your cert request,
and have Cert Services issue a cert.

However, since your CA's root certificate is not trusted by your clients
automatically, you'd need to get that installed onto your clients otherwise
they get a warning about the cert being issued by an untrusted root CA. If
you choose an AD-integrated CA, then your domain clients will automatically
get this root CA cert.

If you have WM5 devices, I'm not sure how you add your CA's root signing
cert in however (without an application from your vendor). You have to
submit your cert request to a 3rd party CA (Verisign, Thawte, GoDaddy etc.).
Cheers
Ken
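
The flow described in the reply above, as an added example that is not part of the original posts: a private CA signs the server's request, and a client accepts the resulting certificate only once it has that CA's root. OpenSSL stands in here for Microsoft Certificate Services, and the CA name, host name and file names are constructed.

```shell
#!/bin/sh
# Added illustration. OpenSSL stands in for Microsoft Certificate Services;
# the CA name, host name and file names below are constructed.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

make_private_ca() {       # self-signed root: the cert clients must be given
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Internal Root CA" \
        -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null
}

make_server_csr() {       # the certificate request file the web server produces
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=webmail.example.test" \
        -keyout "$demo_dir/server.key" -out "$demo_dir/server.csr" 2>/dev/null
}

issue_from_csr() {        # the private CA signs the request
    openssl x509 -req -in "$demo_dir/server.csr" -days 30 \
        -CA "$demo_dir/ca.crt" -CAkey "$demo_dir/ca.key" -CAcreateserial \
        -out "$demo_dir/server.crt" 2>/dev/null
}

# openssl verify prints "<file>: OK" only when the chain ends in a trusted root.
client_without_root() {   # client with only its default trust store
    openssl verify "$demo_dir/server.crt" 2>&1 | grep -q ': OK$'
}

client_with_root() {      # client that has had the private root installed
    openssl verify -CAfile "$demo_dir/ca.crt" "$demo_dir/server.crt" 2>&1 |
        grep -q ': OK$'
}

make_private_ca && make_server_csr && issue_from_csr || exit 1
if client_without_root; then echo "without root: trusted"
else echo "without root: rejected (untrusted issuer)"; fi
if client_with_root; then echo "with root: trusted"
else echo "with root: rejected"; fi
```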

Re: Certificate authority

on 12.04.2007 21:16:04 by JiminCleveland

Ken,

Thanks for the reply. You mention loading certs on client computers. What
if your client computer is someone's personal computer at home? Some staff
members access their email from home via webmail. If we install Certificates
on Webmail, how will/should that affect users on the outside?

Jim

Re: Certificate authority

on 12.04.2007 23:20:02 by JiminCleveland

Ken,

Can you tell me what you mean by AD-integrated CA?

Jim

Re: Certificate authority

on 13.04.2007 07:31:06 by Ken Schaefer

When you install Microsoft Certificate Services you have the option of
installing a stand-alone CA, or an Active Directory Integrated CA.

You may wish to read the Cert Services product documentation so that you are
familiar with the basics of Certificate Services. Additionally, running your
own PKI isn't a trivial exercise, so just read up on the basics of
running/maintaining a PKI as well (especially if you decide to extend the
use of the PKI to other things, such as EFS or 802.1x or IPSec).

Cheers
Ken


"Jim in Cleveland" wrote in
message news:801AF6E6-A867-4245-B0DF-38D9FF16A649@microsoft.com...
> Ken,
>
> Can you tell me what you mean by AD-integrated CA?
>
> Jim

Re: Certificate authority

on 13.04.2007 07:31:57 by Ken Schaefer

You would need to load your CA's root certificate onto those client
computers as well, otherwise users will get a warning in their browser that
the cert is issued by an untrusted root CA.

Cheers
Ken


"Jim in Cleveland" wrote in
message news:941CF4E7-92EF-463B-80FC-EF284885EDDD@microsoft.com...
> Ken,
>
> Thanks for the reply. You mention loading certs on client computers. What
> if your client computer is someone's personal computer at home? Some staff
> members access their email from home via webmail. If we install Certificates
> on Webmail, how will/should that affect users on the outside?
>
> Jim