Andrea Gallazzi schrieb:
Thanks Jakob for your reply.
As usual I do not agree with digital certificate. :-)
Not sure what you mean here?
Squid as reverse proxy for exchange 2010 owa and activesync.
Exchange 2010 have a certificate released from my internal CA.
That is exactly the setup I was referring to. We are running such
setups. My previous mail tried to elaborate what is necessary to get
this going certificate-wise.
I am following this example config:
http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess
On real world:
I must configure or request a new certificate to my internal CA for
squid reverse proxy or install the same certificate of exchange?
That depends on your DNS setup. A certificate is normally valid for
exactly one hostname. If the Exchange server and the external access
resolve to an identical hostname (which you can only achieve with a
so-called split DNS entry), then you can use one certificate. Otherwise
you need two or a cert that covers both names as mentioned. The internal
one can be a self-signed cert, for the external one self-signed
certificates are possible but that means that you have to take great
care when configuring the clients.
JC
