Andrea Gallazzi schrieb:
> Thanks Jakob for your reply.
> As usual I do not agree with digital certificate. :-)
Not sure what you mean here?
>
>
> Squid as reverse proxy for exchange 2010 owa and activesync.
> Exchange 2010 have a certificate released from my internal CA.
>
That is exactly the setup I was referring to. We are running such
setups. My previous mail tried to elaborate what is necessary to get
this going certificate-wise.
> I am following this example config:
> http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess
>
> On real world:
> I must configure or request a new certificate to my internal CA for
> squid reverse proxy or install the same certificate of exchange?
That depends on your DNS setup. A certificate is normally valid for
exactly one hostname. If the Exchange server and the external access
resolve to an identical hostname (which you can only achieve with a
so-called split DNS entry), then you can use one certificate. Otherwise
you need two or a cert that covers both names as mentioned. The internal
one can be a self-signed cert, for the external one self-signed
certificates are possible but that means that you have to take great
care when configuring the clients.
JC
Received on Thu Apr 01 2010 - 09:20:56 MDT
This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 12:00:05 MDT