Solved

Self signed certificate

Posted on 2013-06-17
12
349 Views
Last Modified: 2013-07-23
Hi experts

if i generate self assigned certificate from server 2008, will that work for https over proxy service.

If yes kindly send me links to to this task.

Thanks in advance.
Gagan
0
Comment
Question by:GaganRawat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
12 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 39252852
Please Explain.  
Are you looking to setup a proxy for secure connections and would like to use a self-signed certificate to auth the proxy?

Your users will be warned every time they access a secure site they have not added an exception that "a man in the middle" attack is going since the certificate presented by the proxy does not match the URL to which the user is going.
0
 

Author Comment

by:GaganRawat
ID: 39252964
Would like to use a self assigned certificate to auth the proxy.

Thanks
0
 
LVL 78

Expert Comment

by:arnold
ID: 39254709
What do you mean?
You can not proxy secure sites.
are you looking to access your proxy as https://yourownproxy?
In this case, you have to use stunnel and have the self signed certificate on it which will then forward the requests to your squid proxy.

Often, people use certificates to auth clients to the proxy.

http://www.squid-cache.org/mail-archive/squid-users/200310/1013.html
0
Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

 

Author Comment

by:GaganRawat
ID: 39255192
in simple language i need my people to stay connected with exchange server even outside the office.
0
 
LVL 78

Assisted Solution

by:arnold
arnold earned 150 total points
ID: 39255229
Opening up a port on your firewall is required unless you have the option to setup VPN connections from each user into your network.

You need to either open your firewall to access OWA's site directly. WAN IP port 443 https://www.yourdomain.com/OWA or a variation there of.

Your other option is to setup a reverse proxy
The reverse proxy will have the certificate for www.yourdomain.com (https://www.yourdomain.com) and the reverse proxy will direct the requests to the internal system where the OWA interface is.
Both provide direct access to the OWA interface, but the reverse proxy provides some "added security" by reducing the attack vector against IIS.

Are you looking to provide users access to the IMAP protocol on your Exchange server remotely?
A reverse proxy on port 143, 993 might be the way to secure those communications.
993 will be either a direct path to exchange or
143 and 993 will be a reverse squid proxy with 993 having a certificate with the requests proxied internaly to port 143 of exchange.
0
 

Author Comment

by:GaganRawat
ID: 39307199
I've requested that this question be deleted for the following reason:

Dont need it any more
0
 
LVL 78

Expert Comment

by:arnold
ID: 39307200
Information and possible implementations included.
0
 
LVL 11

Accepted Solution

by:
NetoMeter Screencasts earned 350 total points
ID: 39321672
I've stumbled upon this post and I am really unpleasantly surprised by the change in the level of the experts - been awhile since posting here (member since 2004).

To start with - Gagan is asking about Rpc over HTTPS (or Outlook Anywhere).

The answers provided:

1. Have nothing to do with the question asked.
2. Are totally misleading and incorrect ex. "You can not proxy secure sites", "provide users access to the IMAP protocol" etc.

The short answer to Gagan's question is - Yes.

When you run the Setup Internet Address wizard, a Certificate is requested and issued by the SBS Certificate Authority. In addition, a certificate package is generated automatically in the Public folder. You need to install this package on the remote clients, before they can start using RPC over HTTP(S).

Best Regards,

:)

PS: Southmod, it would be really nice if you elaborate on the line of thoughts that brought you to this remarkable conclusion "It would seem that you have been given valid suggestions and advice".
0
 
LVL 78

Expert Comment

by:arnold
ID: 39342799
Each person approaches a question in different ways. As NetoMeter pointed out a direct answer of yes provides a limited set of info in my opinion.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question