We set up a reverse proxy using ARR/URL Rewrite v1 (IIS). This allows for as many HTTPS-based connections to internal services as needed. So, Exchange Server services, Remote Desktop Services, SharePoint, and others.
Source User (Internet) HTTPS -> ARR (Private Key) -> Exchange Server
Source User Device (Internet) HTTPS -> ARR (Private Key) -> Exchange Server
Source User (Internet) HTTPS -> ARR (Private Key) -> RD Gateway -> RD Session Host/RemoteApps
The important thing to note is where the Private Key lies. So, we decrypt that HTTPS packet stream to analyze it, then encrypt it to send it on to the final destination.
So, for instance, we know that CloudFlare has access to every single HTTPS inbound by decryption due to the Private Key being resident in their system.
The question my little inquiring brain has is this: Does LetsEncrypt _keep_ the Private Key anywhere on their systems?
Snowden revealed what exactly? That defecation runs deep. Stinky, slimy, deep. Thus my paranoia about Black Boxes.
Philip Elder MCTS
Senior Technical Architect
Microsoft High Availability MVP
MPECS Inc.
E-mail: Phili...@mpecsinc.ca
Phone: +1 (780) 458-2028
Web: www.mpecsinc.com
Blog: blog.mpecsinc.com
Twitter: Twitter.com/MPECSInc
Teams: Phili...@MPECSInc.Cloud
Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.
--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To view this discussion visit
https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce7EhpvdN3LQzvUGtZJgThGhj8m9D%3DK0esXEa%2BgwNEh5Xg%40mail.gmail.com.
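The question above about where a certificate's private key lives can be checked on the ARR host itself. The following is an added example, not part of the message or the list; it assumes the `openssl` CLI is available and uses a placeholder hostname. With the ACME protocol that Let's Encrypt implements, the client generates the key locally and submits only a CSR, and the script shows exactly what that CSR contains (the public key and identifiers) and what it does not (the private key).

```shell
#!/bin/sh
# Added example (not the original message's code). Assumes the openssl CLI.
# Shows that an ACME-style enrolment keeps the private key on the local host:
# only the CSR, which carries the public key, is what would leave the machine.
set -eu

WORKDIR="$(mktemp -d)"
KEY="$WORKDIR/privkey.pem"      # stays on this host
CSR="$WORKDIR/request.csr"      # the only artefact sent to the CA

# 1. Generate the private key locally with owner-only permissions.
#    Prints the resulting mode string, e.g. "-rw-------".
generate_local_key() {
    (umask 077 && openssl ecparam -name prime256v1 -genkey -noout -out "$KEY")
    ls -ld "$KEY" | cut -c1-10
}

# 2. Build the CSR an ACME client would submit. The CN is a placeholder.
build_csr() {
    openssl req -new -key "$KEY" -subj "/CN=mail.example.invalid" -out "$CSR"
}

# 3. Check: does the CSR carry any private key material? Prints "yes" or "no".
csr_contains_private_key() {
    if grep -q 'PRIVATE KEY' "$CSR"; then echo yes; else echo no; fi
}

# 4. Check: the public key inside the CSR is the one derived from our local key.
#    Prints "match" or "mismatch".
csr_pubkey_matches_key() {
    from_key="$(openssl pkey -in "$KEY" -pubout | openssl sha256)"
    from_csr="$(openssl req -in "$CSR" -pubkey -noout | openssl sha256)"
    if [ "$from_key" = "$from_csr" ]; then echo match; else echo mismatch; fi
}

# Run the enrolment steps and the two checks when executed directly.
echo "key mode:            $(generate_local_key)"
build_csr
echo "CSR has private key: $(csr_contains_private_key)"
echo "CSR pubkey matches:  $(csr_pubkey_matches_key)"
```

The same two checks apply to any CSR you hand to any CA: if `grep 'PRIVATE KEY'` ever finds a hit in the file you are about to submit, stop.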