[THIN] Re: Securing MFXP
- From: "Joe Shonk" <joe.shonk@xxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Wed, 17 Aug 2005 14:44:12 -0700
Correct, but with a public CA you are (the client) validating that
csg.bobco.com is legit.
Joe
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Marc-Andre Lapierre
Sent: Wednesday, August 17, 2005 2:27 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Securing MFXP
I meant kind, not king.
With the use of a public CA root Cert you're not identified either. You just
use the certificate to encrypt the data with the CSG box.
_____
From: Joe Shonk [mailto:joe.shonk@xxxxxxxxx]
Sent: Wednesday, August 17, 2005 5:11 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Securing MFXP
You really can't call it the king of two factor authentication since the
Root CA does NOT identify you are who you are. Anybody who accesses the
system will use the same Root CA certificate. It's only validating the end
point you're connecting to. CSG is not validating you with the cert, you
are validating it.
Joe
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Marc-Andre Lapierre
Sent: Wednesday, August 17, 2005 1:00 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Securing MFXP
But using a private cert is more secure than using a public one since the
ICA has to trust the Root certificate of the CSG box. It's a king of two
factor authentication since you need to give the private certificate to your
users.
_____
From: Joe Shonk [mailto:joe.shonk@xxxxxxxxx]
Sent: Wednesday, August 17, 2005 1:26 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Securing MFXP
I would look at using CSG; it's more secure and free with your SubAdv. It's
much simpler to set up and maintain than SSL Relay, even with 2 servers. I
would also look into using a Public cert. They can be had for only $50
dollars and save a bunch of time and hassle trying to teach end users how
to install the root cert.
Joe
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of ILMS (Air)
Sent: Tuesday, August 16, 2005 9:24 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Securing MFXP
Hi friends!
We have 2 MFXP FR3/W2k3 servers, users logging in using WI over LAN/WAN.
Would like to implement SSL.
What I have in mind is:
1. Set up CA on one MF server. Create root cert.
Issue Server cert to both MF servers (IIS servers) and install through IIS.
2. Direct WI to use HTTPS (or Citrix SSL??) on 443, also set MF server name
same as certificate name.
3. Set up Citrix SSL Relay on both MF servers (required??).
4. Install root cert on clients.
5. Open only 443 port.
6. Direct users to use https://server
Waiting for your feedback!!
Thanks in advance!
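
The distinction discussed in this thread (a root CA certificate lets the client validate the endpoint, it does not identify the user), as an added example that is not part of the original messages. It uses the openssl command line; the CA names and file names are constructed, and only the host name csg.bobco.com comes from the thread.

```shell
#!/bin/sh
# Constructed demo: CA names and file names are placeholders.
set -eu

# Build a private root CA, an unrelated second root, and a server
# certificate for csg.bobco.com signed by the private root.
make_pki() {  # $1 = empty working directory
  d=$1
  for ca in root other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Example $ca CA" \
      -keyout "$d/$ca.key" -out "$d/$ca.crt" 2>/dev/null
  done
  openssl req -newkey rsa:2048 -nodes -subj "/CN=csg.bobco.com" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  printf 'subjectAltName=DNS:csg.bobco.com\n' > "$d/san.ext"
  openssl x509 -req -in "$d/srv.csr" -CA "$d/root.crt" \
    -CAkey "$d/root.key" -CAcreateserial -days 30 \
    -extfile "$d/san.ext" -out "$d/srv.crt" 2>/dev/null
}

# Client check 1: does the server cert chain to the root the client trusts?
chains_to() {  # $1 = trusted root cert, $2 = server cert
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Client check 2: was the cert issued for the host the client asked for?
names_host() {  # $1 = server cert, $2 = host name
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# The file handed to users is the root *certificate*: public data only,
# identical for every user, so the server cannot tell users apart by it.
holds_private_key() {  # $1 = PEM file
  grep -q 'PRIVATE KEY' "$1"
}

demo() {
  d=$(mktemp -d)
  make_pki "$d"
  chains_to "$d/root.crt" "$d/srv.crt" && echo "private root installed: server trusted"
  chains_to "$d/other.crt" "$d/srv.crt" || echo "root not installed: server rejected"
  names_host "$d/srv.crt" csg.bobco.com && echo "certificate names csg.bobco.com"
  holds_private_key "$d/root.crt" || echo "root.crt holds no private key"
  rm -rf "$d"
}
demo
```

Both checks run on the client against the server's certificate; nothing in them proves anything about the user, which would take a per-user client certificate and key.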