• Status: Solved

Client Certificate Requirement for RPC/HTTP

Projecthenry worked out a solution to his problem on this issue. I would like to find the same solution.

I have a working setup of RPC over HTTPS in place; however, I need to tie down what machines can access this service to avoid it getting set up on users' home machines.

Does anybody have a solution to this?
Asked by: ITSLON
 
flyingsky Commented:
Never done this before personally, but RPC over HTTPS is basically configured on IIS; check the following link about client authentication. Hope this helps.
http://technet.microsoft.com/en-us/library/cc736680.aspx
 
ITSLON (Author) Commented:
Thank you. That is helpful. Unfortunately I don't think the solution is there, but there is great information in that article.
 
Mestha Commented:
The only way is to use an ISA Server. Outlook cannot cope with certificate prompts that would be required if you used client certificates.

-M
 
ITSLON (Author) Commented:
We do have an ISA2004 server in place. It is used for our OWA solution too. We have a separate Exchange Frontend server that is our RPC over HTTP proxy.

How would I set up ISA to do the client certificate requests?
 
Mestha Commented:
You didn't understand what I wrote - this feature CANNOT use client certificates. End of story.

All ISA would allow you to do is control access to the feature, most likely by allowing access to a subset of users.

-M
 
ITSLON (Author) Commented:
Right, I see. Thanks for the quick response.

So if I'm understanding correctly now, you are saying there is no way to restrict access to particular machines?
 
Mestha Commented:
To specific machines - no. Specific users, probably with ISA.
If you are concerned that users will access the feature with their own systems (outside of your control) then you will be unable to deploy this solution. It is designed to be accessed by machines that are not members of the domain.

Even if you did deploy client certificates, there is nothing to stop a user from lifting that certificate from the machine and copying it to another one.

-M