SSL Connections and certificates

[Venefyxatu]

Hi,

I have a problem with my SSL certificates while trying to publish an OWA site through ISA Server 2004.

The test setup is as follows :
- 1 server hosting Exchange, the root CA, Domain Controller, internal DNS
- 1 server doing nothing but hosting the ISA server
- 1 "internet" computer playing client and hosting the "internet" DNS.

The OWA site gets published just fine, SSL connection on both sides of the ISA server, the only problem is that the "internet" computer does not trust my internal root CA.
This, as far as I know, makes sense : I made my own root CA, so it's not included in IE's CA database.

My question, now, is how on earth do I get the "internet" computer to install the root certificate so that it will trust my CA?
I know I could just put it on a USB stick and install it, but I'd prefer it to happen through the network.
Currently the only certificate I can install is that of the OWA site.

I hope I made sense ... if not, please ask and I'll do my best to clarify

Regards,

Venefyxatu

 

[coco10]

hi, check this first.

http://www.isaserver.org/articles/2004sslisafirewallpart1.html

http://www.isaserver.org/articles/exportsslcert.html

http://www.isaserver.org/articles/2004pubowartm.html

hope its helps
coco10

 

[NickFerrar]

I don't think you can other than a root certificate export like you mention, unless it's possible for the client to connect to your issuing CA and get it from there via the website the CA will have (never tried this)? Can probably also email it to people to install (again never tried this on a root certificate).

My question anyway would be why do you want this anyway? 3rd party SSL certificates aren't that expensive and negates this issue. If you really can't afford 3rd party certs then the client can just easily import the specific cert for the web-site.