[THIN] Re: 2-way browser SSL and CSG

  • From: "Jay Moock" <jmoock@xxxxxxxxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Wed, 8 Dec 2004 08:18:06 -0500

We want to do this because having basically an NT login prompt hanging out on
the internet is not secure enough for us.

I already have both set up on one box with one IP and one server-side cert.
What I'm talking about are client-side certs so that we can control what end
users are able to connect to the WI.

Thanks,
Jay 

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Joe Shonk
Sent: Wednesday, December 08, 2004 12:08 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: 2-way browser SSL and CSG

First question, why? CSG will proxy HTTPS requests for WI. If you want
both on the same box, assign 1 IP address to WI and 1 to SG. If you MUST
run off of 1 IP address, you will want to disable socket pooling if you are
to SSL. Again, why? SG only needs 1 address and it will encrypt the WI
traffic for you, no need to install an SSL cert for WI.

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Jay Moock
Sent: Tuesday, December 07, 2004 1:48 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] 2-way browser SSL and CSG

Trying to test client SSL certs on our CSG server as an alternative to
SafeWord or RSA.  I'm running into a problem with it though.  Currently, I
have both CSG and WI on the same box.  CSG listens on 443 and IIS listens on
444.  If I enable client SSL in IIS then it apparently is trying to get a
cert from CSG (which of course fails).  If I go straight to port 444 on the
CSG/WI box then the client SSL works as it should, but of course then you're
bypassing CSG, sort of.  If I go in to CSG Admin my session does show up,
which doesn't quite make sense, but I'm willing to accept it if it doesn't
create any issues.

Is anyone else doing anything like this?  If I flip the ports (change IIS to
443 and CSG to 444) and have users go straight to 443 am I opening myself up
to any potential problems?

Thanks,
Jay

********************************************************
This Weeks Sponsor Activaeon.com
Reduce licensing costs with activAeon XA and get one month completely free.
http://www.activaeon.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use
the below link:
http://thin.net/citrixlist.cfm
