Monday, March 2, 2009

[THIN] Re: SSL Certs..

Hi Harry,

 

Unsure of your config, but you've only ever needed one cert for a CSG deployment. Patrick Rouse wrote some good articles here:

http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part1.html

 

Have you got a cert of the WI site for direct Internal access?

 

To host several domains, a wildcard cert won't work. You would need something like...

http://www.geotrustaustralia.com/products/ssl_certificates/true_businessid_mdm.asp

http://www.digicert.com/unified-communications-ssl-tls.htm

 

As for your versions, go with CSG 3.1, WI 5.0.1, and XenApp 5.0 (which is the same as 4.5 on 2003) with HRP03. Why deploy outdated versions of the software?

 

Cheers,

Jeremy.

 

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Harry Singh
Sent: Tuesday, March 03, 2009 3:43 AM
To: thin@freelists.org
Subject: [THIN] SSL Certs..

 

Hi all,

I'm running CSG 3.0 and W1 2.1 (I know, very old) on my front-end. I currently use 2 separate SSL certs for each and everything works just fine.

citrix.company.com

csg.company.com

I plan on upgrading the Web Interface to 4.6 and CSG to latest version along with Presentation(XenApp) to 4.5. I know there is CAG, which i am still a little unclear about and  its purpose and Access Essentials, which, again, i don't know its full potential.

My concern is will 2 standard certs suffice, or should i consider getting a wildcard or UCC ?  I know that answer may depend on my organization's heriarchy and setup, so to be clear, we have a single public accesible domain name and don't plan on that changing for the next 3 years.

I am considering buying 2 standard certs from Godaddy, which i checked work fine for users in the Citrix Forums, but want to make sure i'm furture-proofing the purchase of these certs in event i implement any of the aformentioned technologies.

This questions comes up because i've been doing a lot of reading on Exchange2007 and it's need to have mulitple domain names accessible via SSL, hence the UCC reference.

Thanks,

Harry.
Confidentiality and Privilege Notice
This document is intended solely for the named addressee.  The information contained in the pages is confidential and contains legally privileged information. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone, and you should destroy this message and kindly notify the sender by reply email. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you.
Posted by thinlist at 7:14 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)