Security Basics mailing list archives

Re: How to tunnel https traffic in VPN based connection?


From: Security Auditor <auditor.sec () gmail com>
Date: Wed, 2 Mar 2011 11:01:15 +0100

Hi,
Regarding Query1: When you use a self-signed cert, it is not trusted by the
browser, therefore it prompts an (ugly) popup. To get rid of it, just add
the issuing CA's cert to the trusted root store on the client's machine... or
simply import the cert and save it in the store if you do not have a
CA infrastructure.


Regarding Query2: I am assuming that the site in question is an
internal site, therefore if you have a domain environment, better use
integrated authentication for the server, else it can be handled by the
application...

On Tue, Mar 1, 2011 at 7:02 AM,  <a.alii85 () gmail com> wrote:
I have Site(s) Ani....i=1,..10 sites which communicate with site B to access a website/application. That's simple 
enough.

However, the traffic is http; well, we primarily don't need https on an ipsec tunnel, right? But attacks related to 
eavesdropping of traffic become a real reality once it gets terminated by the ipsec device on both sides.

I have two options: either to purchase a third-party ssl certificate to encrypt the traffic between two nodes or use a 
custom made one.

I don't want to use a custom made one because this makes the browser prompt an ugly untrusted certificate message; it's 
ugly not from a security perspective but for clients' inconvenience, and assuring users' confidence in our systems is a 
critical issue for us.

Based upon the above discussion I have the following two queries:-

a) How is it possible to remove the ugly un-certificate message from the user's screen? Does the company need to register its 
certificate with some kind of CA body? or what ...

b) Due to some tcp acceleration issues, ssl traffic slows down the traffic between the nodes, so we only require the 
encryption to stand just during the initial handshake when the username and password are being validated; after that 
we want to revert back to http? Could this be achieved? If yes, how...?

Thanks for your help.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------





--
Cheers,
Audi
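
The trust-store answer to Query1, worked through with the openssl command line as an added example that is not part of the original thread: a private root CA signs the internal site's certificate, and validation fails until that CA's certificate is supplied as trusted. The CA name, the file names and the host name passed in are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed lab example; the CA name, file names and host are assumptions.
set -eu

# Build a private root CA and a server certificate signed by it, in directory $1.
make_internal_pki() {
    dir=$1; host=$2
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Internal Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Root CA: ca.pem is the file clients import into their trusted root store.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$dir/ca.cnf" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    # Server key and signing request for the internal site.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -subj "/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    # The CA signs the request; clients match the host name against subjectAltName.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$host" > "$dir/ext.cnf"
    openssl x509 -req -in "$dir/server.csr" -days 90 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/ext.cnf" -out "$dir/server.pem" 2>/dev/null
}

# Client that has not imported the CA: succeeds only if the chain validates.
verify_without_ca() { openssl verify "$1/server.pem" >/dev/null 2>&1; }

# Client that trusts ca.pem as a root.
verify_with_ca() { openssl verify -CAfile "$1/ca.pem" "$1/server.pem" >/dev/null 2>&1; }

# Host name check performed in addition to chain validation.
cert_matches_host() {
    openssl x509 -in "$1/server.pem" -noout -checkhost "$2" | grep -q 'does match'
}
```

Only ca.pem is distributed to clients; ca.key and server.key never leave the machines that use them.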
