Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19
  1. #11
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    Default

    But you do actually need two separate certs. You configure the OWA providing web server with it's own cert and SSL like you would normally. You just have the Apache unit doing the same thing, but you've configured that individual virtual server to get content from the IIS service running OWA.

    Two certs, two web servers... right?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #12
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,049

    Default

    We have the same wild-card cert on both the Apache Proxy server and the Internal servers. (With allot of fixing)

    But you can run with 2 different certs But internally we don't go through the proxy.
    Just external traffic so there for we use the same certs on both..
    And it works.

  3. #13
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    Default

    So you generate the cert based on IIS's request and stuff the related key files into apache by hand? That's brilliant...

    I'm still on the fence on if I want a proxy in the middle of secured communications. But I like the idea of something rebuilding all the packets before it lands on the OWA box.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #14
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,049

    Default

    As we use a Wildcard cert for the most of the servers it is a bit more tricky to use it on multiple backends servers as there is different IIS servers.
    But as we control the CA and is Cert Templates we can do allot of tampering

    And i Agree i am not sure that I can recommend running it on UT.
    But it would be a nice feature.

  5. #15
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    Default

    Well the "host name" based forwarding for standard HTTP is handy.

    That said, Proxy functionality, reverse or otherwise, IMHO, should be OFF the gateway. It's just too darn intense. So simple to manage separately, forward the port to the proxy and go from there. With VMs in the mix it's even easier. Why add that complexity to the Untangle product?

    I've already lost that argument, it seems we're getting a caching proxy for Untangle in 8.0...
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #16
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,049

    Default

    I love "Host name" based forwarding.
    But in my environment it is better to have a separate VM handling the Proxy feature.
    But with just 2 or 3 sites with a small load it would be handy.

    I did not know that Caching Proxy feature was publicly announced.

  7. #17
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    Default

    There are so many new things coming in 8.0 we've been waiting on I've lost track of what is and isn't announced anymore. I just hope they take their time with it... we don't need another 7.4. Having OpenVPN fall on its face was just embarrassing the whole way around.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #18
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,049

    Default

    Hopefully the Alpha and Beta testing will go on for a longer period this time.
    And that "test-upgrades" are available as well.

    The problem with the OpenVPN was that the patch was coming from 8.0 and not a 7.4 box..

    But hopefully we (as in we in the community testing team) will do our part and find all bugs.

    But with all the new functions it is easy just to focus on them

  9. #19
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    Default

    Yeah, this go around we need to divide up the interface, and go through everything one button at a time and make sure all those input boxes still do what they are supposed to.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2