We want to do this because having basically a NT login prompt hanging out on the internet is not secure enough for us. I already have both set up on one box with one IP and one server-side cert. What I'm talking about are client-side certs so that we can control what end users are able to connect to the WI. Thanks, Jay -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Joe Shonk Sent: Wednesday, December 08, 2004 12:08 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: 2-way browser SSL and CSG First question, why? CSG will proxy HTTPS request for WI. If you want both on the same box, assign 1 IP address to WI and 1 to SG. If you MUST run off of 1 ip address, you will want to disable socket pooling if you are to SSL. Again, why? SG only needs 1 address and it will encrypt the WI traffic for you, no need to install a SSL cert for WI. -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jay Moock Sent: Tuesday, December 07, 2004 1:48 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] 2-way browser SSL and CSG Trying to test client SSL certs on our CSG server as an alternative to SafeWord or RSA. I'm running into a problem with it though. Currently, I have both CSG and WI on the same box. CSG listens on 443 and IIS listens on 444. If I enable client SSL in IIS then it apparently is trying to get a cert from CSG (which of course fails). If I go straight to port 444 on the CSG/WI box then the client SSL works as it should, but of course then you're bypassing CSG, sort of. If I go in to CSG Admin my session does show up, which doesn't quite make sense, but I'm willing to accept it if it doesn't create any issues. Is anyone else doing anything like this? If I flip the ports (change IIS to 443 and CSG to 444) and have users go straight to 443 am I opening myself up to any potential problems? Thanks, Jay ******************************************************** This Weeks Sponsor Activaeon.com Reduce licensing costs with activAeon XA and get one month completely free. http://www.activaeon.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor Activaeon.com Reduce licensing costs with activAeon XA and get one month completely free. http://www.activaeon.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor Activaeon.com Reduce licensing costs with activAeon XA and get one month completely free. http://www.activaeon.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm