IIS Server Security, How to automate this ... ?

microsoft.public.inetserver.iis.security - About IIS Web Server Security Issues


IIS Server Security >> How to automate this ... ?

by Steven Wong » Wed, 03 Aug 2005 15:24:51 GMT

Hi,

In IE, when I double click yellow pad-lock and click the install certificate
button,
although it said successfully processed the certificate, but I still get a
red cross
with my certificate icon ...

Then I found this KB ...
http://support.microsoft.com/?id=297681

and it successfully made my client's IE to trust my Microsoft CA ...

But are there anyway to automate this process so my client
don't really need to access the
https://www.mydomain.com/rootinstall.asp
to make the IE to trust my MS CA ?

TIA

Steven



Top

IIS Server Security >> How to automate this ... ?

by Miha Pihler [MVP] » Thu, 04 Aug 2005 23:10:22 GMT


Hi,

Are these computers members of your domain? If yes you can use group policy
to determine which certificates clients will trust.

--
Mike
Microsoft MVP - Windows Security







Top

IIS Server Security >> How to automate this ... ?

by Steven Wong » Fri, 05 Aug 2005 07:33:57 GMT

Hi,

Thanks for your reply..
No, there will be internet users connecting to this secure web site.
So, that means there must be some kind of user intervention to manually
make the IE to trust my own Microsoft CA ?

TIA

Steven


policy


a



Top

How to automate this ... ?

by David Wang [Msft] » Fri, 05 Aug 2005 17:20:47 GMT

Correct. It must be manual, or else it is a security vulnerability in the
browser. Servers cannot automatically change a trusted resource of the
client unless you established trust to that server (that's basically what
Domain membership and Group Policy is -- the server trusts the external
Domain Controller).

If the users are not controlled, your only options are to:
1. Make the users install your random certificate into their trusted root
(BIG RED FLAG -- no one should do this, but dumb users probably will)
2. Purchase a certificate from an established Certificate Registrar. They
already got their Root CA Certificate into the user's trusted root store.

Read the following blog entry for details as to why things are the way they
are:
http://blogs.msdn.com/david.wang/archive/2005/08/02/Free_SSL_on_IIS.aspx

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//


Hi,

Thanks for your reply..
No, there will be internet users connecting to this secure web site.
So, that means there must be some kind of user intervention to manually
make the IE to trust my own Microsoft CA ?

TIA

Steven


policy


a




Top
Similar Threads

1. automate iis setup and permissions

2. Automating Word in ASP ?

3. FP 2003 ASP form - automated email confirmation

4. Automated Background printing of Office Documents

5. DB to XML - Best way to automate 

I have two XML files that a generated from a database.

Presently I have to go into my admin section to click a link that
loads the pages that in turn create the pages.

As my database is updated (new entries relating to property sales)
this is a bit of a pain.

Has anyone dealt with this issue before?

I could have it so that when the home page is loaded the XML files are
generated - but this seems to be far to frequent, but the home page is
the only page I can guarantee is loaded!

Perhaps I should keep track of page creations, and perhaps look at the
last entry, if it's older than say 15 minutes then create the pages ??

This is not a code question, more advice on how this has been dealt
with by others. [I can't create a scheduled event on the server - it's
a shared one]

Many thanks

Jon

6. Automating tasks - Database Tutorial in ASP

7. automated translation of Classic ASP to ASP.Net? 

Any software out there to do this?
Thanks!
Scotter

8. automating a daily function - ASP