[THIN] Re: SSL Relay
- From: Robert Walk <rwalk@xxxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: 27 Sep 2002 15:17:28 -0400
At any given time we may have at most 3-5 external users. With
Metaframe 1.8 it was easy to have the user connect to a second interface
that forced 128 bit encryption. Unfortunately, I have found out that it
is not that easy in XP. So I have got NFuse running on an Apache web
server with SSL and have modified the template.ica file to force 128 bit
ica connections. I really wanted to have the session over ssl and use
ssl relay but can't figure out how to get server certificate into ssl
relay. Yet! I may still look at CSG but as I said before it still looks
like CSG wants some kind of signed certificate. Thanks again for the
input.
Rob
On Fri, 2002-09-27 at 13:54, Chris Lynch wrote:
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> How many users are we talking about?
>
> I haven't setup SSL Relay before, so I cannot help you with that
> error message you are getting.
>
> CHRIS LYNCH - MCSE, CCNA, CCA
> NETWORK ENGINEER - INFORMATION TECHNOLOGY
> NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691
> Chris.lynch@xxxxxxxxxx Tel 949.367.3406
>
>
> - -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
> Behalf Of Robert Walk
> Sent: Friday, September 27, 2002 10:25 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: SSL Relay
>
>
>
> It just seems to me that having one service handle the ssl traffic is
> a more straightforward and less complex way of handling the encrypted
> session in a small environment. Again, I may be out of my mind crazy
> and am always open to suggestions. Also, the system requirements for
> the CSG and STA servers is ridiculous and we don't happen to have a
> spare machine of that capability laying around.
>
> I think right now the problem is with a lack of knowledge about SSL.
> I was able to get a server certificate from Thawte and when I try to
> use the conversion utility in the SSL relay directory I get a message
> that the file does not have a signed certificate. I thought that was
> what I got from them, no? Anyway, I appreciate the input thus far.
>
> Rob
>
> On Fri, 2002-09-27 at 12:01, Chris Lynch wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > What is "your situation"? If you mean that you cannot deploy
> > Nfuse, then you are correct. CSG won't work for you. Well, it
> > could (in Relay mode, which is basically SSL Relay), but that is
> > not the
> > preferred configuration for CSG.
> >
> > CHRIS LYNCH - MCSE, CCNA, CCA
> > NETWORK ENGINEER - INFORMATION TECHNOLOGY
> > NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691
> > Chris.lynch@xxxxxxxxxx Tel 949.367.3406
> >
> >
> > - -----Original Message-----
> > From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Robert Walk
> > Sent: Friday, September 27, 2002 5:43 AM
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Re: SSL Relay
> >
> >
> >
> > Yep, I have FR2. From what I have read it appears that SSL Relay
> > is a better solution for our situation. Of course I could be
> > wrong!
> >
> > Rob
> >
> > On Thu, 2002-09-26 at 21:26, Chris Lynch wrote:
> > >
> > >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > If you want a test cert, I would use a Thawte cert. They last 21
> > > days, and are just the same as Verisign. If cannot get a "free"
> > > one, the Thawte 1 year is $199. Cheaper that Verisign.
> > >
> > > Also, why are you using SSL Relay? Do you have FR2?
> > >
> > > CHRIS LYNCH - MCSE, CCNA, CCA
> > > NETWORK ENGINEER - INFORMATION TECHNOLOGY
> > > NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691
> > > Chris.lynch@xxxxxxxxxx Tel 949.367.3406
> > >
> > >
> > > - -----Original Message-----
> > > From: thin-bounce@xxxxxxxxxxxxx
> > > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Eugene Herman
> > > Sent: Thursday, September 26, 2002 11:57 AM
> > > To: thin@xxxxxxxxxxxxx
> > > Subject: [THIN] Re: SSL Relay
> > >
> > >
> > >
> > > You can get a free certificate from Verisign - good for 14 days -
> > > you muet = also load a file called getacert.cer on the WS -
> > > also available free from = Verisign - and yes you can download
> > > another one on day 15
> > >
> > > >>> rwalk@xxxxxxxxxxx 09/26/02 01:48PM >>>
> > >
> > > Hello,
> > >
> > > I am trying to configure SSL relay for Metaframe XP on Windows
> > > 2000 Server. Right now I am just trying to test it and
> > > possibly deploy it to a few users. The problem I am having is
> > > with the "Server Certificate", is there a way to use one with
> > > having to pay for it? I have read some of the docs and haven't
> > > been able to come a signed certificate that works. Any
> > > pointers would be greatly appreciated.
> > >
> > > Thanks,
> > >
> > > Rob
> > >
> > >
> > >
> > > **********************************************
> > > This weeks sponsor Kevsoft Corporation=20
> > > TScale by Kevsoft Corporation=20
> > > Support 30% to 40% more users on your server farm
> > > without buying new hardware! =20
> > > http://www.kevsoft.com/=20
> > > ***********************************************
> > >
> > > For Archives, to Unsubscribe, Subscribe or=20
> > > set Digest or Vacation mode use the below link.
> > >
> > > http://thethin.net/citrixlist.cfm
> > >
> > >
> > >
> > > ******************************************************************
> > > ** ** ***
> > > This message, together with any attachments, is intended only for
> > > the use of the individual or entity to which it is addressed.
> > > It may contain information that is confidential and prohibited
> > > from disclosure. If you are not the intended recipient, you are
> > > hereby notified that any dissemination or copying of this
> > > message or any attachment is strictly prohibited. If you have
> > > received this
> > > message in error, please notify the original sender immediately
> > > by telephone or by return e-mail and delete this message along
> > > with any
> > > attachments, from your computer. Thank you.
> > > ******************************************************************
> > > ** ** ***
> > >
> > >
> > >
> > > ******************************************************************
> > > ** ** ***
> > > This message, together with any attachments, is intended only for
> > > the use of the individual or entity to which it is addressed.
> > > It may contain information that is confidential and prohibited
> > > from disclosure. If you are not the intended recipient, you are
> > > hereby notified that any dissemination or copying of this
> > > message or any attachment is strictly prohibited. If you have
> > > received this
> > > message in error, please notify the original sender immediately
> > > by telephone or by return e-mail and delete this message along
> > > with any
> > > attachments, from your computer. Thank you.
> > > ******************************************************************
> > > ** ** ***
> > >
> > >
> > >
> > > ******************************************************************
> > > ** ** ***
> > > This message, together with any attachments, is intended only for
> > > the use of the individual or entity to which it is addressed.
> > > It may contain information that is confidential and prohibited
> > > from disclosure. If you are not the intended recipient, you are
> > > hereby notified that any dissemination or copying of this
> > > message or any attachment is strictly prohibited. If you have
> > > received this
> > > message in error, please notify the original sender immediately
> > > by telephone or by return e-mail and delete this message along
> > > with any
> > > attachments, from your computer. Thank you.
> > > ******************************************************************
> > > ** ** ***
> > >
> > >
> > >
> > > ******************************************************************
> > > ** ** ***
> > > This message, together with any attachments, is intended only for
> > > the use of the individual or entity to which it is addressed.
> > > It may contain information that is confidential and prohibited
> > > from disclosure. If you are not the intended recipient, you are
> > > hereby notified that any dissemination or copying of this
> > > message or any attachment is strictly prohibited. If you have
> > > received this
> > > message in error, please notify the original sender immediately
> > > by telephone or by return e-mail and delete this message along
> > > with any
> > > attachments, from your computer. Thank you.
> > > ******************************************************************
> > > ** ** ***
> > >
> > > **********************************************
> > > This weeks sponsor Kevsoft Corporation
> > > TScale by Kevsoft Corporation
> > > Support 30% to 40% more users on your server farm
> > > without buying new hardware!
> > > http://www.kevsoft.com/
> > > ***********************************************
> > >
> > > For Archives, to Unsubscribe, Subscribe or
> > > set Digest or Vacation mode use the below link.
> > >
> > > http://thethin.net/citrixlist.cfm
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: PGP 7.1
> > >
> > > iQA/AwUBPZOzyfl56xfvzmMfEQJEjQCdE2kxQvYG5SHSw8UbRgztXg7QONUAn3YN
> > > ez6pWCqWHuQFWqueYNGeJCfg
> > > =YaXO
> > > -----END PGP SIGNATURE-----
> > >
> > > **********************************************
> > > This weeks sponsor Kevsoft Corporation
> > > TScale by Kevsoft Corporation
> > > Support 30% to 40% more users on your server farm
> > > without buying new hardware!
> > > http://www.kevsoft.com/
> > > ***********************************************
> > >
> > > For Archives, to Unsubscribe, Subscribe or
> > > set Digest or Vacation mode use the below link.
> > >
> > > http://thethin.net/citrixlist.cfm
> >
> >
> > **********************************************
> > This weeks sponsor Kevsoft Corporation
> > TScale by Kevsoft Corporation
> > Support 30% to 40% more users on your server farm
> > without buying new hardware!
> > http://www.kevsoft.com/
> > ***********************************************
> >
> > For Archives, to Unsubscribe, Subscribe or
> > set Digest or Vacation mode use the below link.
> >
> > http://thethin.net/citrixlist.cfm
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 7.1
> >
> > iQA/AwUBPZR/Efl56xfvzmMfEQLF9ACfdskQV/S8ghaJL/DU9EeGCUwCLbcAn1Ql
> > J16EQ4zuokaAulBexwY89ieI
> > =wfzH
> > -----END PGP SIGNATURE-----
> >
> >
> >
> > -- Binary/unsupported file stripped by Ecartis --
> > -- Type: application/ms-tnef
> > -- File: winmail.dat
> >
> >
> > **********************************************
> > This weeks sponsor Kevsoft Corporation
> > TScale by Kevsoft Corporation
> > Support 30% to 40% more users on your server farm
> > without buying new hardware!
> > http://www.kevsoft.com/
> > ***********************************************
> >
> > For Archives, to Unsubscribe, Subscribe or
> > set Digest or Vacation mode use the below link.
> >
> > http://thethin.net/citrixlist.cfm
>
>
> **********************************************
> This weeks sponsor Kevsoft Corporation
> TScale by Kevsoft Corporation
> Support 30% to 40% more users on your server farm
> without buying new hardware!
> http://www.kevsoft.com/
> ***********************************************
>
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link.
>
> http://thethin.net/citrixlist.cfm
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.1
>
> iQA/AwUBPZSbPPl56xfvzmMfEQLWpQCeMETH2lKMKLr1qsFXvDvoGoUKjYoAn2Ka
> rw9TmvpNfrJckePAFsVtD9XX
> =yHMn
> -----END PGP SIGNATURE-----
>
> **********************************************
> This weeks sponsor Kevsoft Corporation
> TScale by Kevsoft Corporation
> Support 30% to 40% more users on your server farm
> without buying new hardware!
> http://www.kevsoft.com/
> ***********************************************
>
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link.
>
> http://thethin.net/citrixlist.cfm
**********************************************
This weeks sponsor Kevsoft Corporation
TScale by Kevsoft Corporation
Support 30% to 40% more users on your server farm
without buying new hardware!
http://www.kevsoft.com/
***********************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
- Follow-Ups:
- [THIN] Re: SSL Relay
- From: Chris Lynch
- References:
- [THIN] Re: SSL Relay
- From: Chris Lynch
Other related posts:
- » [THIN] SSL Relay
- » [THIN] Re: SSL Relay
- » [THIN] Re: SSL Relay
- » [THIN] Re: SSL Relay
- » [THIN] Re: SSL Relay
- » [THIN] Re: SSL Relay
- » [THIN] Re: SSL Relay
- » [THIN] Re: SSL Relay
- » [THIN] Re: SSL Relay
- » [THIN] Re: SSL Relay
- » [THIN] Re: SSL Relay
- [THIN] Re: SSL Relay
- From: Chris Lynch
- [THIN] Re: SSL Relay
- From: Chris Lynch