Outlook anywhere - machine certificates for auth
We have a customer who are looking for a secure way of deploying Outlook anywhere.
It this possible?
To be able to connect to Outlook anywhere they will also use machine certificates for auth.
Morten
解答
To the best of my knowledge, this is not possible, not even with ISA. (I had high hopes when the RpcWithCert virtual directory came with Windows 2003 SP1, but it still turns out to be a place holder for a future authentication feature.) Check out this statement:
You can't do this.
Outlook doesn't support certificate auth.
You can have HTTP-Basic or HTTP-NTLM and that's all.Weblistener w/SSL Client Cert. Auth. and Outlook Anywhere - Jim Harrison \(ISA SE\)
5. October 2008 16:56
http://www.eggheadcafe.com/software/aspnet/33224996/-weblistener-wssl-cli.aspxHowever, you can achieve your goals with Outlook Web Access and simply disable Outlook Anywhere until a more secure access method is in place:
How to Configure Certificate Based Authentication for OWA - Part I
http://msexchangeteam.com/archive/2008/10/07/449942.aspxHow to Configure Certificate Based Authentication for OWA - Part II
http://msexchangeteam.com/archive/2008/11/12/450094.aspxA working solution for Outlook is of course VPN.
Jon-Alfred Smith MCTS: Messaging | MCSE: S+M
所有回覆
To the best of my knowledge, this is not possible, not even with ISA. (I had high hopes when the RpcWithCert virtual directory came with Windows 2003 SP1, but it still turns out to be a place holder for a future authentication feature.) Check out this statement:
You can't do this.
Outlook doesn't support certificate auth.
You can have HTTP-Basic or HTTP-NTLM and that's all.Weblistener w/SSL Client Cert. Auth. and Outlook Anywhere - Jim Harrison \(ISA SE\)
5. October 2008 16:56
http://www.eggheadcafe.com/software/aspnet/33224996/-weblistener-wssl-cli.aspxHowever, you can achieve your goals with Outlook Web Access and simply disable Outlook Anywhere until a more secure access method is in place:
How to Configure Certificate Based Authentication for OWA - Part I
http://msexchangeteam.com/archive/2008/10/07/449942.aspxHow to Configure Certificate Based Authentication for OWA - Part II
http://msexchangeteam.com/archive/2008/11/12/450094.aspxA working solution for Outlook is of course VPN.
Jon-Alfred Smith MCTS: Messaging | MCSE: S+M- You could use Windows 7 with Direct Access. Direct Access, as I undertand it, requires machine certificates.
