Welcome to ISAserver.org


Discussion about article on Web Listeners for Autodiscover Service

Discussion about article on Web Listeners for Autodisco... - 10.Sep.2007 12:34:37 PM   
tshinder

 

Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussing the article on Web Listeners for the autodiscover service at XXX

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls
Post #: 1
RE: Discussion about article on Web Listeners for Autod... - 14.Sep.2007 9:29:40 AM   
vapor-trails

 

Posts: 14
Joined: 2.Dec.2002
From: US
Status: offline
Good Morning Tom!

Can you expand on this article with respect to having a site certificate that supports Subject Alternate Names?  I noticed in the article that you've chosen two different website IPs with two different digital certificates.

Wouldn't this work with 1 IP and 1 certificate assuming that the certificate supports Subject Alternate Names?

-Vapor-Trails

(in reply to tshinder)
Post #: 2
RE: Discussion about article on Web Listeners for Autod... - 17.Sep.2007 7:52:42 AM   
tshinder

 

Hi VT,

No, that will not work because the clients aren't able to "consume" the SANs.

HTH,
Tom


(in reply to vapor-trails)
Post #: 3
RE: Discussion about article on Web Listeners for Autod... - 17.Sep.2007 8:21:15 PM   
vapor-trails

 

I am not sure I follow you.  Could you be more specific?  Thanks!

(in reply to tshinder)
Post #: 4
RE: Discussion about article on Web Listeners for Autod... - 18.Sep.2007 6:53:40 AM   
tshinder

 

The ISA Firewall presents the certificate to the clients. Since the clients aren't able to use the SANs, they won't work.

HTH,
Tom


(in reply to vapor-trails)
Post #: 5
RE: Discussion about article on Web Listeners for Autod... - 18.Sep.2007 4:26:54 PM   
vapor-trails

 

I am not sure I understand why the client wouldn't be able to use SANs.  There are 3 providers (probably more) that I know of that will be in the trusted certificate list (Verisign, Thawte, GoDaddy, etc).

If I am publishing "mobile.E2K7domain.com" to 13.13.13.13 and "autodiscover.E2K7domain.com" to 13.13.13.13; all while using a wildcard cert, why wouldn't ISA 2006 properly set up the SSL and then pass it on to CAS?

-Vapor-Trails

(in reply to tshinder)
Post #: 6
RE: Discussion about article on Web Listeners for Autod... - 19.Sep.2007 7:20:54 AM   
tshinder

 

The wildcard cert is using the subject name field, that's why that works.

The clients don't "consume" the SAN fields.

HTH,
Tom


(in reply to vapor-trails)
Post #: 7
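
The distinction discussed in the posts above (a wildcard in the subject name versus extra names in SAN fields), as an added example that is not part of any post in this thread. It compares a hypothetical client that matches only the subject CN with one that also reads SAN dNSName entries; the certificates are constructed dicts, not parsed X.509, and the function names are illustrative.

```python
# Added example: constructed certificate data, hypothetical helper names.

def name_matches(pattern, host):
    """Compare one certificate name with a hostname, case-insensitively.
    A wildcard counts only as the whole left-most label and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # "*.example.com" never covers "a.b.example.com"
    if p[0] == "*":
        # refuse overly broad patterns such as "*.com"
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cn_only_client(cert, host):
    """Client that looks at the subject CN and ignores any SAN entries."""
    return name_matches(cert["subject_cn"], host)

def san_aware_client(cert, host):
    """Client that prefers SAN dNSName entries and falls back to the CN."""
    sans = cert.get("san_dns", [])
    if sans:
        return any(name_matches(n, host) for n in sans)
    return name_matches(cert["subject_cn"], host)

# Constructed certificates using the hostnames from the thread.
SAN_CERT = {
    "subject_cn": "mobile.E2K7domain.com",
    "san_dns": ["mobile.E2K7domain.com", "autodiscover.E2K7domain.com"],
}
WILDCARD_CERT = {"subject_cn": "*.E2K7domain.com", "san_dns": []}

def coverage(cert, hosts):
    """Return {host: (cn_only_result, san_aware_result)} for one certificate."""
    return {h: (cn_only_client(cert, h), san_aware_client(cert, h)) for h in hosts}

if __name__ == "__main__":
    hosts = ["mobile.E2K7domain.com", "autodiscover.E2K7domain.com"]
    for label, cert in (("SAN cert", SAN_CERT), ("wildcard cert", WILDCARD_CERT)):
        for host, (cn_ok, san_ok) in coverage(cert, hosts).items():
            print(f"{label:14} {host:30} cn-only={cn_ok} san-aware={san_ok}")
```
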
RE: Discussion about article on Web Listeners for Autod... - 17.Oct.2007 11:12:12 AM   
jazzer

 

Posts: 24
Joined: 15.Feb.2004
From: Switzerland
Status: offline
Hi Tom,

1.
I read your article and all other articles on msExchangeTeam and msExchangeOrg and technet. To publish Exchange 2007 with ISA 2006, it never makes sense to take a UC Certificate or a Certificate with SANs. Is this right? The ISA can only consume the first CN in the cert, it is one match, like a normal cheap webserver certificate? All other names in the cert break the ISA.
Is there a reason to take a SAN cert instead of a normal cert when I publish Ex07 with ISA06?

Is a Fix for the ISA 06 SAN Problem in the pipeline? (I know the fix for the Outlook 2007, SRV Record)

2.
Would it work when I publish all the Ex07 URLs with the autodiscover.domain.com/owa ./rpc URL instead of owa.domain.com? With this I only need 1 IP, 1 SSL cert. It resolves all the problems?

Regards Stive

(in reply to tshinder)
Post #: 8
RE: Discussion about article on Web Listeners for Autod... - 18.Oct.2007 9:47:43 AM   
tshinder

 

Hi Stive,

1. I don't think so, they might in the next version.

2. Not sure this will work, because of the authentication requirements.

HTH,
Tom


(in reply to jazzer)
Post #: 9
