Since the only connection allowed to the box is SSL (443) everything sent over the web is encrypted. Backend end connection may not. That depends on if you use an SSL certificate to secure STA/XML communications. The 1 URL, 1 IP, 1 SSL Cert makes setup and management easy, however there are some drawbacks. No Smart Card Authentication integration with WI No Client IP address is available (important if you apply setting Citrix Policies) No URL redirection from HTTP to HTTPS from the server. Joe _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Rota, Brian Sent: Tuesday, April 25, 2006 9:57 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: CSG and Web Interface on 1 box I would prefered 1 box with 1 cert but I want to make sure nothing is sent in clear text over the web. Brian Brian Rota, MTM Technologies, Inc. (formerly NEXL, Inc.) Sr. Systems Engineer,MCSE,CCEA Tel. 978.538.3000 Cell 978.886.8127 _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Joe Shonk Sent: Tuesday, April 25, 2006 12:53 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: CSG and Web Interface on 1 box I think what you are referring to is socking pooling. If you wanted to have WI and CSG to have different SSL certs with 2 IPs with each running on port 443 (each with it's own IP) you needed to disable socket pooling using the CLI command. CSG 3.0 is basically the same as 2.0 with a few new features to support PS 4. Joe _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of HBooGz Sent: Tuesday, April 25, 2006 9:44 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: CSG and Web Interface on 1 box There used to an issue with both running on the same box and there needed to be a command ran from the CLI in order to make sure everything is working. I'm currently running WI 2.1 and CSG 2.0 running on the same box but defintely had to plan ahead about the installation and SSL installation. I'm considering about upgrading WI and CSG to the latest version -- do the latest versions of the each software account for this type of setup ? Anything in particular i should look for or prepare/plan for ? Thanks, HS On 4/25/06, Joe Shonk <joe.shonk@xxxxxxxxx> wrote: Why? You only need 1 public IP address and 1 SSL certificate. The CSG service will proxy WI traffic for you. Both can reside on the same server. CSG runs on 443 and WI on 80 so there is no conflict. Joe _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Rota, Brian Sent: Tuesday, April 25, 2006 9:17 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] CSG and Web Interface on 1 box Hello I have a client with 25 users currently They are looking to upgrade the hardware that runs their CSG and Web interface currently on 2 servers. They would like to consolidate if possible to one box securely. Can this be done by hosting 2 Ip addresses on the same server? I know in the past you have had to change the SSL port on IIS to something like 444 to make it work. I was thinking 1 ip for CSG using an SSL cert and 1 ip for Web interface using a different SSL cert. Thanks Brian -- HBooGz:\>