Or, the Intermediate CA cert…..  ;-)

Rick


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Sunday, June 26, 2005 2:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Exchange SSL Certificate "Client Authentication"

 

Thanks, Rick. I created the certreq.txt, pasted it into the form at Godaddy, they sent me a public key which I then processed through the IIS Certificate Wizard. One thing was that Godaddy also sent an “Intermediate Certificate” which they had me install in the Certificate snap-in. Could this be the source of the problem?

 

This is what they said about it:

ABOUT THE INTERMEDIATE CERTIFICATE

Before you install your Web Server Certificate you must install our intermediate certificate -- the sf_issuing.crt  -- on your Web server. An intermediate certificate is a subordinate certificate issued by the trusted root specifically to issue end-entity server certificates. The result is a chain that begins at the trusted root CA, through the intermediate certificate, and ending with the Web Server SSL certificate issued to you. Such a certificate is called "chained root certificate." The usage of an intermediate certificate thus provides an added level of security as the Certification Authority (CA) does not need to issue certificates directly from its CA root certificate.

 


From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
Sent: Saturday, June 25, 2005 1:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Exchange SSL Certificate "Client Authentication"

 

Noah,

I suspect that you’re missing a root certificate.  Review your process of creating and importing the certificate into the certificate store to ensure that you, in fact, did have and use the proper Root CA, and that it’s in the correct store. 

Ironically, (and I know that this is hard to believe) sometimes Microsoft’s automatic process for getting a cert into the right store doesn’t work.  ;o)

Rick


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Saturday, June 25, 2005 3:09 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Exchange SSL Certificate "Client Authentication"

 

Hi –

 

I have OWA running on Exchange 2003. I have purchased an SSL certificate from GoDaddy.com and installed it. Now, when clients connect using https://webmail.mycompany.com/exchange, they get a prompt (after supplying credentials):

 

Client Authentication: “The Web site you want to view requests identification. Select the certificate to use when connecting.” There are no certificates supplied in the dialog box. Depending on the version of IE, the text is slightly different. If the user simply clicks OK, they get in and the transactions appear to be going over SSL (the little lock is present and closed).

 

Finally, this only seems to happen with clients accessing from the outside; internal machines can see it fine.

 

Any ideas how to prevent this from happening?

 

Thanks.

 

-- nme
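
The check suggested in this thread (that the root and intermediate CA certificates are present and in the correct store) can be done by building the chain for the server certificate and listing where each element sits. This is an added example, not part of the original messages; it assumes the server certificate is in the LocalMachine Personal store and that its subject carries the host name from the thread.

```powershell
# Added example. Assumption: the SSL certificate lives in LocalMachine\My and
# its subject contains the host name used in the thread.
$hostName = 'webmail.mycompany.com'

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$hostName*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate for $hostName found in LocalMachine\My" }

# Build the chain: end-entity -> intermediate CA -> trusted root.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # look at chain structure only
$valid = $chain.Build($cert)

# Personal, Intermediate Certification Authorities, Trusted Root CAs
$stores = 'My', 'CA', 'Root'

foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate
    # Which machine stores actually hold this chain element?
    $foundIn = $stores | Where-Object {
        Test-Path "Cert:\LocalMachine\$_\$($c.Thumbprint)"
    }
    [pscustomobject]@{
        Subject    = $c.Subject
        Issuer     = $c.Issuer
        SelfSigned = ($c.Subject -eq $c.Issuer)   # true for the root
        Stores     = ($foundIn -join ', ')        # empty = not in these stores
        Status     = (($element.ChainElementStatus |
                        ForEach-Object { $_.Status }) -join ', ')
    }
}

"Chain valid: $valid"
$chain.ChainStatus | ForEach-Object {
    '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim()
}
```

The expected layout is the server certificate in `My`, the intermediate in `CA`, and the self-signed root in `Root`; a `PartialChain` or `UntrustedRoot` status, or an intermediate or root with an empty `Stores` value, points at the import step to repeat.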
