Search squid archive

Re: Reverse and SSL cert

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andrea Gallazzi schrieb:
Thanks Jakob for your reply.
As usual I do not agree with digital certificate. :-)
Not sure what you mean here?


Squid as reverse proxy for exchange 2010 owa and activesync.
Exchange 2010 have a certificate released from my internal CA.

That is exactly the setup I was referring to. We are running such setups. My previous mail tried to elaborate what is necessary to get this going certificate-wise.
I am following this example config:
http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess

On real world:
I must configure or request a new certificate to my internal CA for squid reverse proxy or install the same certificate of exchange?
That depends on your DNS setup. A certificate is normally valid for exactly one hostname. If the Exchange server and the external access resolve to an identical hostname (which you can only achieve with a so-called split DNS entry), then you can use one certificate. Otherwise you need two or a cert that covers both names as mentioned. The internal one can be a self-signed cert, for the external one self-signed certificates are possible but that means that you have to take great care when configuring the clients.

JC

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux