Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
OWA and Forms Based Auth.
- Thread starter user125
- Start date
- Thread starter
- #3
yes I used the domain\username.. What I'm confused about is.. it ignores the username/password thats enter and asked for the username and password in popup auth box. I have to enter the info twice in order to get in. I was told that its because I don't have ssl so I used the suggestion to add an entry into the registry to allow owa over non-ssl
and now even though i enter the username/pw w/ or w/o domain it just reloads the page.. Im lost.
and now even though i enter the username/pw w/ or w/o domain it just reloads the page.. Im lost.
monsterjta
IS-IT--Management
Why are you using forms based auth without SSL? Doesn't this go hand in hand?
Yes. You have to use SSL with FBA.
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
Bhavin78
IS-IT--Management
- Oct 26, 2004
- 320
try this if it helps
1) Create and installed Certificate using selfSSL
2)SSL Enabling OWA 2003 using your own Certificate Authority
3)Password change
1) Create and installed Certificate using selfSSL
2)SSL Enabling OWA 2003 using your own Certificate Authority
3)Password change
- Thread starter
- #7
Bhavin78. Thanks a billion. That worked and now I'm finally able to test this thing out.
Got a question though. Considering its for OWA and only our internal users will be using it, what are the pros and cons of using your own CA vs using verisign. Is there anything that an auditing company would catch you for if you're authorizing your own certs for your own site?
Got a question though. Considering its for OWA and only our internal users will be using it, what are the pros and cons of using your own CA vs using verisign. Is there anything that an auditing company would catch you for if you're authorizing your own certs for your own site?
monsterjta
IS-IT--Management
Using a private CA is the way most orgs go. No need to use Verisign, or some other outside CA, unless your doing e-commerce and EVERY NEEDS to trust you.
Hope This Helps,
Good Luck!
Hope This Helps,
Good Luck!
I would have to disagree with that. If you want your users to be able to get into OWA remotely, from ANY Internet connected PC, using a self signed cert isn't the way to go. A majority of my clients all use third party certs. From one man shops to 3000+ user shops.
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
monsterjta
IS-IT--Management
And, why would one be able to use OWA from ANY Internet connected PC using a self signed cert?
Hope This Helps,
Good Luck!
Hope This Helps,
Good Luck!
- Thread starter
- #11
Well, I do want my users to get into OWA remotely from anywhere in the country. But whats the problem with using a self signed cert? We have roughly about 200 users. We've been using basic auth. owa and recently wanted to change to forms based. So anything is a big jump. We want the info encrypted but if I can avoid the associated costs with going with verisign, I'd prefer to go the self signed route. Unless you can convince me that, that is the wrong way to go.
monsterjta
IS-IT--Management
My previous post meant to read:
And, why would one not be able to use OWA from ANY Internet connected PC using a self signed cert?
And, why would one not be able to use OWA from ANY Internet connected PC using a self signed cert?
You can. But the issue is that with a third party cert, there are no alert dialog boxes coming up (which just causes user confusion).
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
- Thread starter
- #14
Bhavin78
IS-IT--Management
- Oct 26, 2004
- 320
I agree with user125 there is nothing wrong using using self signed cert no matter how many users are accessing OWA, its still going to do job like verisign.
As 58snipper said, all the user will have pop up to agree on selfSSL but there is a work around on that. I think you can get rid of it with some script. Try and do some research and you might come up with something.
As 58snipper said, all the user will have pop up to agree on selfSSL but there is a work around on that. I think you can get rid of it with some script. Try and do some research and you might come up with something.
- Thread starter
- #16
monsterjta
IS-IT--Management
user125,
If you're getting a pop-up stating that the site isn't secure, that's another story. This is possibly due to having the wrong CN on your cert.
What, exactly, is the pop-up window stating? If you don't mind, spell it out so I know what message you are receiving.
I use a self-signed cert for my OWA, and I never receive any security warnings or anything when I access the site.
Hope This Helps,
Good Luck!
I don't think this is the message we're talking about here. I think what 58sniper is talking about is the certificate pop-up dialogue, asking if you want to continue.
If you're getting a pop-up stating that the site isn't secure, that's another story. This is possibly due to having the wrong CN on your cert.
What, exactly, is the pop-up window stating? If you don't mind, spell it out so I know what message you are receiving.
I use a self-signed cert for my OWA, and I never receive any security warnings or anything when I access the site.
Hope This Helps,
Good Luck!
What 58sniper is saying i think is that the problem with a selfSSL cert is that you will get an error message before the logon page with this message:
"There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to
the server.
We recommend that you close this webpage and do not continue to this website."
Now you can still continue to use it and there is an option to continue to the website (even though it says its not recommended). Granted yes that will confuse the users and they will probably be asking you questions. You dont specifically have to use Verisign. There are several other companies that are certification authorities such as GeoTrust, Thawte, GeoCerts, and several others but those are the major ones. GeoCerts gets theirs from GeoTrust at a good discounts which is given to the customer so they have affordable certificates, and since they are from GeoTrust you get support from them just as if you bought it from them.
If you dont need the SSL for anything else but OWA then you can get a basic SSL Certificate withup 256 bit encryption. GeoCerts has 1 for $99 for 1 year that will work for OWA.
Wm. Reynolds
RRWDS | TxPSS
- - - - - - - - - - - - -
Network Error:
Hit any user to continue
"There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to
the server.
We recommend that you close this webpage and do not continue to this website."
Now you can still continue to use it and there is an option to continue to the website (even though it says its not recommended). Granted yes that will confuse the users and they will probably be asking you questions. You dont specifically have to use Verisign. There are several other companies that are certification authorities such as GeoTrust, Thawte, GeoCerts, and several others but those are the major ones. GeoCerts gets theirs from GeoTrust at a good discounts which is given to the customer so they have affordable certificates, and since they are from GeoTrust you get support from them just as if you bought it from them.
If you dont need the SSL for anything else but OWA then you can get a basic SSL Certificate withup 256 bit encryption. GeoCerts has 1 for $99 for 1 year that will work for OWA.
Wm. Reynolds
RRWDS | TxPSS
- - - - - - - - - - - - -
Network Error:
Hit any user to continue
- Thread starter
- #19
I have a couple hundred certs from FreeSSL/RapidSSL and it's been great. It's under $100 for two years.
And yes, it will get rid of the popup warning (IE < 7) or the nasty warning (IE 7) that your users see.
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
And yes, it will get rid of the popup warning (IE < 7) or the nasty warning (IE 7) that your users see.
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
- Locked
- Question
