• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Client Certificate Authentication

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Client Certificate Authentication Page: [1]
Login
Message << Older Topic   Newer Topic >>
Client Certificate Authentication - 24.Mar.2009 1:12:37 PM   
mparsons

 

Posts: 5
Joined: 20.Mar.2009
Status: offline
I was hoping somebody could just explain this to me. I currently have ISA setup and working running OWA and ActiveSync. I'm going to be changing OWA to use RSA 2-factor auth, but don't want to use RSA for ActiveSync. Can somebody explain to me (in some detail, preferably) how to setup client certificate authentication for activesync works?

This may be simple but is driving me nuts! Thanks in advance.
Post #: 1
RE: Client Certificate Authentication - 24.Mar.2009 6:54:31 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Hi,

Exchange 2003 or 2007?

If 2003, check out Appendix C here: http://technet.microsoft.com/en-us/library/bb794845.aspx

If 2007, check out Appendix C here: http://technet.microsoft.com/en-us/library/bb794751.aspx

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to mparsons)
Post #: 2
RE: Client Certificate Authentication - 24.Mar.2009 7:44:35 PM   
mparsons

 

Posts: 5
Joined: 20.Mar.2009
Status: offline
Thanks for the info, that was helpful. However, I'm still a little uncertain about how to create/assign certificates. I'm planning on using the internal CA for everything. I will obvioulsy need to install the root CA cert on the iPhones, but what other certs are involved. I took the self-created cert from the ISA (what the listener is using) and installed that on the CAS box. Do I need to create certs per user and install them on each device? Thanks again for the help and info.

Attached the ISA log below:

Log type: Web Proxy (Reverse)
Status: 12232 The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.
Rule: EAS
Source: (166.190.245.147)
Destination: (10.37.40.7:443)
Request: OPTIONS http://isa.domain.om/Microsoft-Server-ActiveSync
Filter information: Req ID: 0848b9bd; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: https
User: anonymous
Additional information
Client agent: Apple-iPhone/508.11
Object source: (No source information is available.)
Cache info: 0x8 (Request includes the AUTHORIZATION header.)
Processing time: 1 ms
MIME type:

(in reply to Jason Jones)
Post #: 3
RE: Client Certificate Authentication - 24.Mar.2009 7:50:21 PM   
mparsons

 

Posts: 5
Joined: 20.Mar.2009
Status: offline
By the way, 2007.

(in reply to mparsons)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Client Certificate Authentication Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts