Monday, March 2, 2009

[THIN] Re: SSL Certs..

Thanks Jeremy for clearing up the latest versions.

For now we suspect a single domain across all servers, but I'm glad
there is an option should the company structure change.

Thanks,


On 3/2/09, Jeremy Saunders <Jeremy.Saunders@datacom.com.au> wrote:
> Hi Harry,
>
>
>
> Unsure of your config, but you've only ever needed one cert for a CSG
> deployment. Patrick Rouse wrote some good articles here:
>
> http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part1.html
>
>
>
> Have you got a cert of the WI site for direct Internal access?
>
>
>
> To host several domains, a wildcard cert won't work. You would need
> something like...
>
> http://www.geotrustaustralia.com/products/ssl_certificates/true_businessid_mdm.asp
>
> http://www.digicert.com/unified-communications-ssl-tls.htm
>
>
>
> As for your versions, go with CSG 3.1, WI 5.0.1, and XenApp 5.0 (which is
> the same as 4.5 on 2003) with HRP03. Why deploy outdated versions of the
> software?
>
>
>
> Cheers,
>
> Jeremy.
>
>
>
> From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf
> Of Harry Singh
> Sent: Tuesday, March 03, 2009 3:43 AM
> To: thin@freelists.org
> Subject: [THIN] SSL Certs..
>
>
>
> Hi all,
>
> I'm running CSG 3.0 and W1 2.1 (I know, very old) on my front-end. I
> currently use 2 separate SSL certs for each and everything works just fine.
>
> citrix.company.com
>
> csg.company.com
>
> I plan on upgrading the Web Interface to 4.6 and CSG to latest version along
> with Presentation(XenApp) to 4.5. I know there is CAG, which i am still a
> little unclear about and its purpose and Access Essentials, which, again, i
> don't know its full potential.
>
> My concern is will 2 standard certs suffice, or should i consider getting a
> wildcard or UCC ? I know that answer may depend on my organization's
> heriarchy and setup, so to be clear, we have a single public accesible
> domain name and don't plan on that changing for the next 3 years.
>
> I am considering buying 2 standard certs from Godaddy, which i checked work
> fine for users in the Citrix Forums, but want to make sure i'm
> furture-proofing the purchase of these certs in event i implement any of the
> aformentioned technologies.
>
> This questions comes up because i've been doing a lot of reading on
> Exchange2007 and it's need to have mulitple domain names accessible via SSL,
> hence the UCC reference.
>
> Thanks,
>
> Harry.
>
>
>
>
> #####################################################################################
> Confidentiality and Privilege Notice
> This document is intended solely for the named addressee. The information
> contained in the pages is confidential and contains legally privileged
> information. If you are not the addressee indicated in this message (or
> responsible for delivery of the message to such person), you may not copy or
> deliver this message to anyone, and you should destroy this message and
> kindly notify the sender by reply email. Confidentiality and legal privilege
> are not waived or lost by reason of mistaken delivery to you.
> #####################################################################################
>
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
Follow ThinList on Twitter
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
Thinlist MOBILE Feed
http://thinlist.net/mobile
************************************************

No comments: