RE: OT SSL

• From: "Kingery, Mark" <Mark.Kingery@xxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 24 Jun 2003 11:31:57 -0500

The way I have it setup in my Beta testing is that I have a Front-end server 
sitting in front of my ISA box with a Certificate and then I publish it through 
ISA to my backend server.
 
Seems to work okay.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, June 24, 2003 11:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL


http://www.ISAserver.org


Hi Mark,
 
Because Verisign sells the certs and they say you need to pay for a cert for 
each machine.
 
However, if the question is whether you need two SSL certs to make the FE/BE 
config work, I'm pretty sure you don't. Just install the single cert on the ISA 
firewall and bind it to the listener. 
 
HTH,
Tom
 
Thomas W Shinder
 <http://www.isaserver.org/shinder> www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server:  <http://tinyurl.com/1llp> http://tinyurl.com/1llp

 

-----Original Message-----
From: Kingery, Mark [mailto:Mark.Kingery@xxxxxxxxxxxxxx] 
Sent: Tuesday, June 24, 2003 11:12 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL


http://www.ISAserver.org


Just curious why is two needed?

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, June 24, 2003 11:05 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL


http://www.ISAserver.org


Hi Winston,
 
Unfortuatnely, that is correct. If you have Administrative control over the 
clients, you might consider using your own certificate server. This also 
discourages users from using Kiosks and other unsecure sites from connecting to 
OWA. I never allow connections from completely unmanaged and untrusted 
computers, so if you have that option, you might consider it.
 
HTH,
Tom
 
Thomas W Shinder
 <http://www.isaserver.org/shinder> www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server:  <http://tinyurl.com/1llp> http://tinyurl.com/1llp

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
mark.kingery@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts:

• » OT SSL
• » RE: OT SSL
• » RE: OT SSL
• » RE: OT SSL
• » RE: OT SSL
• » RE: OT SSL
• » RE: OT SSL
• » RE: OT SSL
• » RE: OT SSL
• » RE: OT SSL

1. Home
2. isalist
3. Archive
4. 06-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---