Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Securing outlook Anywhere using certificate for Outlook 2007 user authentication only

Posted on 2011-02-23
12
Medium Priority
?
514 Views
Last Modified: 2012-05-11
Hi Everyone,

I'd like to know if it is possible to secure Outlook 2007 Anywhere using certificate base ? so that user can just import the certificate that I created internally here and then just selecting the certificate name rather than typing their DOMAIN\username everytimethey connect to the remote head quarter base from their home laptop ?

At the moment I do have SAN certificate for my OWA issued by 3rd party CA, but only for the user that i'd like to know if it is possible.

Any pointer to resolve this issue would be greatly appreciated.

Thanks
0
Comment
Question by:jjoz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 1

Author Comment

by:jjoz
ID: 34967502
by using the certificate that i must install to each user desktop generated by the internal CA, so it becomes more secure and easier for the user just select the dropdown list of the certificate rather than typing the username and password.
0
 
LVL 27

Accepted Solution

by:
davorin earned 2000 total points
ID: 34973330
I'm afraid this is not possible.
Unless you can write a new outlook plug-in which will show the list of personal certificates at the time of authentication. You will need also at server side mechanism to to accept/reject certificates and change it into correct user logon.
0
 
LVL 1

Author Comment

by:jjoz
ID: 34973783
ok, so the only authentication is only username and password manual type ?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 27

Expert Comment

by:davorin
ID: 34974406
Actually yes. There are two auth. types (basic & NTLM) , but both prompts for password.
Some additional info:
http://technet.microsoft.com/en-us/library/bb430792.aspx
0
 
LVL 1

Author Comment

by:jjoz
ID: 34974927
ahh OK, because I have imported the SSL that was generated by the internal company CA and yes I was able to select the certificate, but somehow it just keep asking me again and again.

maybe you are right, typing the password manually is the only way to go with Outlook Anywhere 2007.
0
 
LVL 27

Expert Comment

by:davorin
ID: 34982356
Do you get password prompt ot opening outlook or continually when the outlook is open?
If it is the second case, you will need to (suggest fully) update exchange server.
This problem was solved by SP1 Rollup 9.
0
 
LVL 1

Author Comment

by:jjoz
ID: 34985617
at the opening only, and I never be able to connect.
0
 
LVL 27

Expert Comment

by:davorin
ID: 34986933
So OA is actually not working.
You can use this site to test your setup:
https://www.testexchangeconnectivity.com/

You can also try to use outlook /rpcdiag from LAN.
http://www.amset.info/exchange/rpc-http-diag.asp

In most cases the problem is with non trusted certificates, but in this case you are using 3dr party cert, so this should not be a problem. Anyway I always make sure, that when PC connects to OWA that cert is trusted and also chech out if in trusted root CA is listed CA who issued the cert.
0
 
LVL 1

Author Comment

by:jjoz
ID: 34986962
Davorin, thanks for the reply, OWA is not activated for outside access deliberately so it is expected, however only this Outlook Anywhere that I want to activate it.

so OWA is not a problem now.
0
 
LVL 27

Expert Comment

by:davorin
ID: 34987060
Accessing to OWA is just the fastest way tho check if everything is OK with a cert. You can still try to help you with two links I have posted.
OA is not a typo - it stands for Outlook Anywhere (Just in case we did not understood correctly ;))
0
 
LVL 1

Author Comment

by:jjoz
ID: 34987237
ah yes, my bad. i thought that was typo.

thakns for the advice and I shall test it out next week mate.
0
 
LVL 1

Author Closing Comment

by:jjoz
ID: 34991217
Yes, you are right, that this is impossible for now.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question