[THIN] Re: SSL Relay

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes, as does SSL Relay.  The whole point of using SSL is to encrypt
the communication between the relay host and the client.  Please do a
little more research into how PKI works.

You need to have a signed SSL Certificate, if not by an internal
Certificate Root Authority (which you will have to give out the CA
root's cert to all of your clients), then with Verisign or Thawte or
Baltimore.  YOU NEED to have a signed certificate, or you will never
get it working. 

CHRIS LYNCH -  MCSE, CCNA, CCA
NETWORK ENGINEER - INFORMATION TECHNOLOGY
NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691
Chris.lynch@xxxxxxxxxx  Tel 949.367.3406


- -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Robert Walk
Sent: Friday, September 27, 2002 12:17 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: SSL Relay



At any given time we may have at most 3-5 external users.  With
Metaframe 1.8 it was easy to have the user connect to a second
interface that forced 128 bit encryption.  Unfortunately, I have
found out that it is not that easy in XP.  So I have got NFuse
running on an Apache web server with SSL and have modified the
template.ica file to force 128 bit ica connections.  I really wanted
to have the session over ssl and use ssl relay but can't figure out
how to get server certificate into ssl relay. Yet!  I may still look
at CSG but as I said before it still looks like CSG wants some kind
of signed certificate.  Thanks again for the input.

Rob

On Fri, 2002-09-27 at 13:54, Chris Lynch wrote:
> 
>  
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> How many users are we talking about?
> 
> I haven't setup SSL Relay before, so I cannot help you with that
> error  message you are getting.
> 
> CHRIS LYNCH -  MCSE, CCNA, CCA
> NETWORK ENGINEER - INFORMATION TECHNOLOGY
> NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691 
> Chris.lynch@xxxxxxxxxx  Tel 949.367.3406
> 
> 
> - -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]
> On  Behalf Of Robert Walk
> Sent: Friday, September 27, 2002 10:25 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: SSL Relay
> 
> 
> 
> It just seems to me that having one service handle the ssl traffic
> is  a more straightforward and less complex way of handling the
> encrypted  session in a small environment.  Again, I may be out of
> my mind crazy  and am always open to suggestions.  Also, the system
> requirements for  the CSG and STA servers is ridiculous and we
> don't happen to have a  spare machine of that capability laying
> around.
> 
> I think right now the problem is with a lack of knowledge about
> SSL. I was able to get a server certificate from Thawte and when I
> try to use the conversion utility in the SSL relay directory I get
> a message that the file does not have a signed certificate.  I
> thought that was what I got from them, no?  Anyway, I appreciate
> the input thus far.  
> 
> Rob
> 
> On Fri, 2002-09-27 at 12:01, Chris Lynch wrote:
> >  
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > What is "your situation"?  If you mean that you cannot deploy
> > Nfuse,   then you are correct.  CSG won't work for you.  Well, it
> > could (in   Relay mode, which is basically SSL Relay), but that
> > is not the preferred configuration for CSG.
> > 
> > CHRIS LYNCH -  MCSE, CCNA, CCA
> > NETWORK ENGINEER - INFORMATION TECHNOLOGY
> > NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691
> > Chris.lynch@xxxxxxxxxx  Tel 949.367.3406
> > 
> > 
> > - -----Original Message-----
> > From: thin-bounce@xxxxxxxxxxxxx
> > [mailto:thin-bounce@xxxxxxxxxxxxx] On  Behalf Of Robert Walk
> > Sent: Friday, September 27, 2002 5:43 AM
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Re: SSL Relay
> > 
> > 
> > 
> > Yep, I have FR2.  From what I have read it appears that SSL Relay
> > is  a  better solution for our situation.  Of course I could be
> > wrong!  
> > 
> > Rob
> > 
> > On Thu, 2002-09-26 at 21:26, Chris Lynch wrote:
> > > 
> > >  
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > > 
> > > If you want a test cert, I would use a Thawte cert.  They last
> > > 21  days, and are just the same as Verisign.  If cannot get a
> > > "free"  one,  the Thawte 1 year is $199.  Cheaper that
> > > Verisign.
> > > 
> > > Also, why are you using SSL Relay?  Do you have FR2?
> > > 
> > > CHRIS LYNCH -  MCSE, CCNA, CCA
> > > NETWORK ENGINEER - INFORMATION TECHNOLOGY
> > > NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691 
> > > Chris.lynch@xxxxxxxxxx  Tel 949.367.3406
> > > 
> > > 
> > > - -----Original Message-----
> > > From: thin-bounce@xxxxxxxxxxxxx
> > > [mailto:thin-bounce@xxxxxxxxxxxxx]  On  Behalf Of Eugene Herman
> > > Sent: Thursday, September 26, 2002 11:57 AM
> > > To: thin@xxxxxxxxxxxxx
> > > Subject: [THIN] Re: SSL Relay
> > > 
> > > 
> > > 
> > > You can get a free certificate from Verisign - good for 14 days
> > > -   you  muet = also load a file called getacert.cer on the WS
> > > - also   available  free from = Verisign - and yes you can
> > > download another   one on day 15
> > > 
> > > >>> rwalk@xxxxxxxxxxx 09/26/02 01:48PM >>>
> > > 
> > > Hello,
> > > 
> > > I am trying to configure SSL relay for Metaframe XP on Windows
> > > 2000   Server.  Right now I am just trying to test it and
> > > possibly deploy  it  to a few users.  The problem I am having
> > > is  with the "Server  Certificate", is there a way to use one
> > > with having to pay for it? I   have read some of the docs and
> > > haven't been able to come a signed   certificate that works. 
> > > Any
> > > pointers would be greatly appreciated.
> > > 
> > > Thanks,
> > > 
> > > Rob
> > > 
> > > 
> > > 
> > > **********************************************
> > > This weeks sponsor Kevsoft Corporation=20
> > > TScale by Kevsoft Corporation=20
> > > Support 30% to 40% more users on your server farm
> > > without buying new hardware! =20 http://www.kevsoft.com/=20
> > > ***********************************************
> > > 
> > > For Archives, to Unsubscribe, Subscribe or=20
> > > set Digest or Vacation mode use the below link.
> > > 
> > > http://thethin.net/citrixlist.cfm
> > > 
> > > 
> > > 
> > > ****************************************************************
> > > ** ** ** ***
> > > This message, together with any attachments, is intended only
> > > for   the  use of the individual or entity to which it is
> > > addressed. It   may contain information that is confidential
> > > and prohibited from  disclosure.  If you are not the intended
> > > recipient, you are hereby   notified that any dissemination or
> > > copying of this message or any   attachment is strictly
> > > prohibited. If you have received this message  in error, please
> > > notify the original sender immediately by telephone  or by
> > > return e-mail and delete this message along with any 
> > > attachments, from your computer. Thank you.
> > > ****************************************************************
> > > ** ** ** ***
> > > 
> > > 
> > > 
> > > ****************************************************************
> > > ** ** ** ***
> > > This message, together with any attachments, is intended only
> > > for   the  use of the individual or entity to which it is
> > > addressed. It   may contain information that is confidential
> > > and prohibited from  disclosure.  If you are not the intended
> > > recipient, you are hereby   notified that any dissemination or
> > > copying of this message or any   attachment is strictly
> > > prohibited. If you have received this message  in error, please
> > > notify the original sender immediately by telephone  or by
> > > return e-mail and delete this message along with any 
> > > attachments, from your computer. Thank you.
> > > ****************************************************************
> > > ** ** ** ***
> > > 
> > > 
> > > 
> > > ****************************************************************
> > > ** ** ** ***
> > > This message, together with any attachments, is intended only
> > > for   the  use of the individual or entity to which it is
> > > addressed. It   may contain information that is confidential
> > > and prohibited from  disclosure.  If you are not the intended
> > > recipient, you are hereby   notified that any dissemination or
> > > copying of this message or any   attachment is strictly
> > > prohibited. If you have received this message  in error, please
> > > notify the original sender immediately by telephone  or by
> > > return e-mail and delete this message along with any 
> > > attachments, from your computer. Thank you.
> > > ****************************************************************
> > > ** ** ** ***
> > > 
> > > 
> > > 
> > > ****************************************************************
> > > ** ** ** ***
> > > This message, together with any attachments, is intended only
> > > for   the  use of the individual or entity to which it is
> > > addressed. It   may contain information that is confidential
> > > and prohibited from  disclosure.  If you are not the intended
> > > recipient, you are hereby   notified that any dissemination or
> > > copying of this message or any   attachment is strictly
> > > prohibited. If you have received this message  in error, please
> > > notify the original sender immediately by telephone  or by
> > > return e-mail and delete this message along with any 
> > > attachments, from your computer. Thank you.
> > > ****************************************************************
> > > ** ** ** ***
> > > 
> > > **********************************************
> > > This weeks sponsor Kevsoft Corporation
> > > TScale by Kevsoft Corporation
> > > Support 30% to 40% more users on your server farm
> > > without buying new hardware!
> > > http://www.kevsoft.com/
> > > ***********************************************
> > > 
> > > For Archives, to Unsubscribe, Subscribe or
> > > set Digest or Vacation mode use the below link.
> > > 
> > > http://thethin.net/citrixlist.cfm
> > > 
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: PGP 7.1
> > > 
> > > iQA/AwUBPZOzyfl56xfvzmMfEQJEjQCdE2kxQvYG5SHSw8UbRgztXg7QONUAn3YN
> > > ez6pWCqWHuQFWqueYNGeJCfg
> > > =YaXO
> > > -----END PGP SIGNATURE-----
> > > 
> > > **********************************************
> > > This weeks sponsor Kevsoft Corporation
> > > TScale by Kevsoft Corporation
> > > Support 30% to 40% more users on your server farm
> > > without buying new hardware!
> > > http://www.kevsoft.com/
> > > ***********************************************
> > > 
> > > For Archives, to Unsubscribe, Subscribe or
> > > set Digest or Vacation mode use the below link.
> > > 
> > > http://thethin.net/citrixlist.cfm
> > 
> > 
> > **********************************************
> > This weeks sponsor Kevsoft Corporation
> > TScale by Kevsoft Corporation
> > Support 30% to 40% more users on your server farm
> > without buying new hardware!  
> > http://www.kevsoft.com/
> > ***********************************************
> > 
> > For Archives, to Unsubscribe, Subscribe or
> > set Digest or Vacation mode use the below link.
> > 
> > http://thethin.net/citrixlist.cfm
> > 
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 7.1
> > 
> > iQA/AwUBPZR/Efl56xfvzmMfEQLF9ACfdskQV/S8ghaJL/DU9EeGCUwCLbcAn1Ql
> > J16EQ4zuokaAulBexwY89ieI
> > =wfzH
> > -----END PGP SIGNATURE-----
> > 
> > 
> > 
> > -- Binary/unsupported file stripped by Ecartis --
> > -- Type: application/ms-tnef
> > -- File: winmail.dat
> > 
> > 
> > **********************************************
> > This weeks sponsor Kevsoft Corporation
> > TScale by Kevsoft Corporation
> > Support 30% to 40% more users on your server farm
> > without buying new hardware!  
> > http://www.kevsoft.com/
> > ***********************************************
> > 
> > For Archives, to Unsubscribe, Subscribe or
> > set Digest or Vacation mode use the below link.
> > 
> > http://thethin.net/citrixlist.cfm
> 
> 
> **********************************************
> This weeks sponsor Kevsoft Corporation
> TScale by Kevsoft Corporation 
> Support 30% to 40% more users on your server farm
> without buying new hardware!  
> http://www.kevsoft.com/
> ***********************************************
> 
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link.
> 
> http://thethin.net/citrixlist.cfm
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.1
> 
> iQA/AwUBPZSbPPl56xfvzmMfEQLWpQCeMETH2lKMKLr1qsFXvDvoGoUKjYoAn2Ka
> rw9TmvpNfrJckePAFsVtD9XX
> =yHMn
> -----END PGP SIGNATURE-----
> 
> **********************************************
> This weeks sponsor Kevsoft Corporation
> TScale by Kevsoft Corporation 
> Support 30% to 40% more users on your server farm
> without buying new hardware!  
> http://www.kevsoft.com/
> ***********************************************
> 
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link.
> 
> http://thethin.net/citrixlist.cfm


**********************************************
This weeks sponsor Kevsoft Corporation 
TScale by Kevsoft Corporation 
Support 30% to 40% more users on your server farm
without buying new hardware!  
http://www.kevsoft.com/
***********************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPZTUevl56xfvzmMfEQI/9gCg9D37wNoP1m04K8dFBzKIaeynDqoAoNmI
2a1cKXzbrEvsXtEgxTiY0bay
=O8zu
-----END PGP SIGNATURE-----

**********************************************
This weeks sponsor Kevsoft Corporation 
TScale by Kevsoft Corporation 
Support 30% to 40% more users on your server farm
without buying new hardware!  
http://www.kevsoft.com/
***********************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

Other related posts: