Welcome to ISAserver.org


Wildcard RPC over HTTP

Wildcard RPC over HTTP - 23.Sep.2004 7:13:00 PM   
Jason Jones

 

Posts: 2121
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Hi,

Has anyone tried using RPC over HTTP with a wildcard cert on ISA and a standard cert on the FE?

The reason I ask is that with this config it seems the only way to get it to work is by disabling the "mutually authenticate SSL session" option in the Outlook client... can anyone else confirm this or describe in detail what this option and the principal name are actually for?

Cheers

JJ
Post #: 1
RE: Wildcard RPC over HTTP - 23.Sep.2004 7:23:00 PM   
paulbaldwin

 

Posts: 139
Joined: 2.Apr.2004
From: Lancashire, UK
Status: offline
Ah, I'm not going to explain principal names 'cos it left me feeling quite ill when I tried before! It all revolves around certificate attributes (err, I think). Look them up on MSDN if you want a headache too.

But when you enter in the "mutually auth..." bit, you're putting the certificate common name (with wildcard), not the FQDN. Something like:

msstd:*.company.tld

Cheers

(in reply to Jason Jones)
Post #: 2
RE: Wildcard RPC over HTTP - 24.Sep.2004 10:13:00 AM   
paulbaldwin

 

Posts: 139
Joined: 2.Apr.2004
From: Lancashire, UK
Status: offline
Just to gloss this up a bit:

This option makes the client check the name on the certificate rather than just accept it as having been created by a trusted CA. Most browsers do this with Web site SSL certificates and complain if the name doesn't match the FQDN in the URL.

Such checking of certificate attributes avoids 'man-in-middle' attacks.

I believe exposing this low level option in a user interface shows signs of it being somewhat 'unfinished'.

(in reply to Jason Jones)
Post #: 3
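
Added example, not part of any post in this thread and not Outlook or ISA Server code: a simplified Python model of the two name checks described in posts #2 and #3. It assumes the value after `msstd:` is compared literally with the certificate common name, which is what the advice in post #2 implies; `mail.company.tld` is a constructed host name.

```python
# Simplified model of certificate name checking (illustration only).

def browser_style_match(cert_name: str, host: str) -> bool:
    """Browser-style check: a '*' leftmost label covers exactly one label."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(cert_labels) >= 3 and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def principal_name_match(cert_cn: str, principal: str) -> bool:
    """Assumed model of the msstd check: the text after 'msstd:' must equal
    the certificate common name (case-insensitive), wildcard included."""
    prefix = "msstd:"
    if not principal.lower().startswith(prefix):
        return False
    return principal[len(prefix):].strip().lower() == cert_cn.strip().lower()


def evaluate(cert_cn: str, proxy_host: str, principal: str) -> dict:
    """Run both checks for one client configuration."""
    return {
        "host_covered_by_cert": browser_style_match(cert_cn, proxy_host),
        "principal_accepted": principal_name_match(cert_cn, principal),
    }


# Constructed cases: (certificate CN, proxy host, configured principal name)
CASES = [
    ("*.company.tld", "mail.company.tld", "msstd:mail.company.tld"),
    ("*.company.tld", "mail.company.tld", "msstd:*.company.tld"),
    ("mail.company.tld", "mail.company.tld", "msstd:mail.company.tld"),
    ("*.company.tld", "a.mail.company.tld", "msstd:*.company.tld"),
]

if __name__ == "__main__":
    for cn, host, principal in CASES:
        print(f"{cn:18} {host:20} {principal:24} {evaluate(cn, host, principal)}")
```

In this model the wildcard certificate covers the host in a browser-style check, yet the principal name is only accepted when it repeats the wildcard common name. The last case shows that a matching principal name does not make the certificate valid for a host it does not cover.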
RE: Wildcard RPC over HTTP - 24.Sep.2004 12:20:00 PM   
Jason Jones

 

Posts: 2121
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Cheers Paul, I will try to use msstd:*.domain.com and see if this resolves the issue.

Thanks

JJ

(in reply to Jason Jones)
Post #: 4
RE: Wildcard RPC over HTTP - 24.Sep.2004 4:34:00 PM   
Jason Jones

 

Posts: 2121
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Top news...worked 100% [Smile]

Tom, if you read this, can you please add a note to this effect in your RPC over HTTP article?

Cheers

JJ

(in reply to Jason Jones)
Post #: 5