<div>
I made it 500 points. &nbsp;I'd like a why or why not and what the risks are. &nbsp;The risks to me seem minimal, but this is my first time dealing with this particular question.
</div>


I made it 500 points.  I'd like a why or why not and what the risks are.  The risks to me seem minimal, but this is my first time dealing with this particular question.

<div>
Is the web server and the TS server the same box and same OS?<br />
<br />
Is this a self-signed certificate? &nbsp;Or a certificate issues by a well know CA?<br />
<br />
If you have two separate boxes and the certificate is issued by a well know CA (such as VeriSign) you have to check their policy, but typically each server needs its own certificates.
</div>


Is the web server and the TS server the same box and same OS?

Is this a self-signed certificate?  Or a certificate issues by a well know CA?

If you have two separate boxes and the certificate is issued by a well know CA (such as VeriSign) you have to check their policy, but typically each server needs its own certificates.

<div>
The TS server would be on a different server in a different DMZ. &nbsp;The certificate is from a well known CA.
</div>


The TS server would be on a different server in a different DMZ.  The certificate is from a well known CA.

<div>
Thanks... &nbsp;That was my guess, but I wanted another opinion.
</div>


Thanks...  That was my guess, but I wanted another opinion.

<div>
<div class="content wysiwyg-content">
I have a finding I need to mitigate. &nbsp;I have an SSL certificate for a web site. &nbsp;The finding I have is for not using SSL with terminal services. &nbsp;I could set up a terminal services gateway server, but that requires a SSL certificate. &nbsp;Is it an acceptable security practice to use the same certificate for the web site on the TS gateway server?<br />
<br />
Thanks,<br />
<br />
Matt
</div>
</div>


I have a finding I need to mitigate.  I have an SSL certificate for a web site.  The finding I have is for not using SSL with terminal services.  I could set up a terminal services gateway server, but that requires a SSL certificate.  Is it an acceptable security practice to use the same certificate for the web site on the TS gateway server?

Thanks,

Matt

SSL Use best practices question

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.