Re: CA Server YES or NO

---

• From: "Lion" <Lion@xxxxxxxxxx>
• Date: Sun, 27 Nov 2005 10:28:45 -0000

---

Just to give you little bit more of the background I'm installing a FE
server for OWA and Mobile devices in to my DMZ and I'm not using ISA. All
I'm looking fore is the best way of securing it. So my thoughts ware to use
SSL to secure traffic between FE and the clients and to use IP Sec to secure
traffic between the FE and BE server.

All I need to know its, should I setup CA of my own or use Third party
Certificates.

"Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
news:OHI62Cq8FHA.3240@xxxxxxxxxxxxxxxxxxxxxxx
> Let me see if I correctly understand what you're asking:
> You need a certificate to enable SSL communications for your FE server
> which is currently in a DMZ?
>
> If that's the case, get one from a trusted third party resource. Shop it
> around, and you may find some significant price differences.
>
> Why get it from a third party? Because you seem to have some knowledge of
> what a PKI is used for, but don't seem to have a lot of time to get really
> deep in the nuances. Most don't (me included) nor should they. Setting
> up a PKI is no trivial task, although it can seem to be when you first
> start down that road. That, and it adds a level of complexity to your
> workload that's likely not necessary indicating that it would be cheaper
> and more reliable to purchase the needed items likely at a lower overall
> cost savings.
>
> My thoughts from reading this anyway. If that's not what you were after,
> by all means please correct me.
>
>
> "Lion" <Lion@xxxxxxxxxx> wrote in message
> news:e6k2vKo8FHA.3976@xxxxxxxxxxxxxxxxxxxxxxx
>>I need your recommendation, I don't have CA server in my company at the
>>moment. I need it just for FE (OWA) server because I'm using DMZ
>>scenario.
>>
>> Should I setup one up or should I go get what I need from verisign.
>>
>> Whats the diferenc from the security point of view from mine and the one
>> from Verisign.
>>
>> If I was to setup one where do I need to place it to issue certificets to
>> my FE in DMZ.
>>
>> Thanks
>>
>
>


.

---

• Follow-Ups:
  • Re: CA Server YES or NO
    • From: Al Mulnick

• References:
  • CA Server YES or NO
    • From: Lion
  • Re: CA Server YES or NO
    • From: Al Mulnick

• Prev by Date: Re: Forward to multiple address/mailbox
• Next by Date: Re: Default E-mail Address problem in Exchange 2003
• Previous by thread: Re: CA Server YES or NO
• Next by thread: Re: CA Server YES or NO
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: fedora-list Digest, Vol 6, Issue 266 ... Re: OT: Setting up a forwarding mail domain in DMZ without ... Re: Sound Problem ... downloaded the yum.conf for fedora from Redhat's website. ... Server: Fedora.us Extras ... (Fedora) RE: Ye Olde OWA Topic (Was RE: Website inside or outside domain) ... with any DMZs or any other separation of OWA from your inside network. ... Of use your firewall to authenticate. ... where a public web server is in the DMZ and ... > How do I allow access to the back-end Exchange Server? ... (Focus-Microsoft) Re: Advice asked - choosing between ISA, SSL VPN, Hardware firewall etc ... > Application Server)) ... > I talked to a security expert and he suggested me to build a DMZ. ... Publishing OWA via Static NAT (you called port forwarding) is perfectly ... (microsoft.public.isa) Re: [fw-wiz] Single Exchange/OWA on LAN with Internet Access - a good ... Instead of placing the ISA box in PIX's DMZ, create a second DMZ by placing ... > by OWA box. ... > The DMZ server should be able to do ... (Firewall-Wizards) Re: OWA 2003 in DMZ ?? ... trying to secure it now is there? ... The comm between a FE and BE server is tcp 80. ... I mean, you're network directory is in the DMZ, your ... > planning to put my OWA on a DMZ ... (microsoft.public.exchange.admin)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)