[THIN] Re: Securing MFXP
- From: "Marc-Andre Lapierre" <malapierre@xxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Wed, 17 Aug 2005 16:00:18 -0400
But using a private cert is more secure than using a public one since
the ICA has to trust the Root certificate of the CSG box. It's a king of
two factor authentication since you need to give the private certificate
to your users.
_____
From: Joe Shonk [mailto:joe.shonk@xxxxxxxxx]
Sent: Wednesday, August 17, 2005 1:26 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Securing MFXP
I would look at using CSG; it's more secure and free with your SubAdv.
It's much simpler to setup and maintain than SSL Relay, even with 2
servers. I would also look into using a Public cert. They can be had
for only $50 dollars and saves a bunch of time and hassle trying to
teach end users how to install the root cert.
Joe
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of ILMS (Air)
Sent: Tuesday, August 16, 2005 9:24 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Securing MFXP
Hii friends!
We have 2 MFXP FR3/W2k3 servers, users logging in using WI over LAN/WAN.
Would like to implement SSL.
What I have in mind is:
1. Setup CA on one MF server. Create root cert.
Issue Server cert to both MF servers (IIS servers) and install through
IIS.
2. Direct WI to use HTTPS (or Citrix SSL??) on 443, also set MF server
name same a certificate name.
3. Setup citrix ssl relay on both MF servers (required??).
4. Install root cert on clients.
5. Open only 443 port.
6. Direct users to use https://server
waiting for your feedback!!
thnx in advance!
Other related posts: