awakenings
asked on
SSL Use best practices question
I have a finding I need to mitigate. I have an SSL certificate for a web site. The finding I have is for not using SSL with terminal services. I could set up a terminal services gateway server, but that requires a SSL certificate. Is it an acceptable security practice to use the same certificate for the web site on the TS gateway server?
Thanks,
Matt
Thanks,
Matt
ASKER
Anyone?
Is the web server and the TS server the same box and same OS?
Is this a self-signed certificate? Or a certificate issues by a well know CA?
If you have two separate boxes and the certificate is issued by a well know CA (such as VeriSign) you have to check their policy, but typically each server needs its own certificates.
Is this a self-signed certificate? Or a certificate issues by a well know CA?
If you have two separate boxes and the certificate is issued by a well know CA (such as VeriSign) you have to check their policy, but typically each server needs its own certificates.
ASKER
The TS server would be on a different server in a different DMZ. The certificate is from a well known CA.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks... That was my guess, but I wanted another opinion.
ASKER