Here are the registry keys used by UAG:
http://technet.microsoft.com/en-us/library/ee809087.aspx
The one that is the most use, especially carrying out proof of concepts and "real" certificates are not being used:
HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\Von\URLFilter\Comm\SSL
By default Forefront UAG validates both the certificate and the revocation list of each SSL backend server during the TLS handshake procedure. In the event where the certificate or the CRL are not valid, backend users are denied access to that given backend server. If a Forefront UAG administrator wishes to disable those validation tests, set the ValidateRwsCert and ValidateRwsCertCRL key values to 0, and then restart the IIS service on the Forefront UAG server.
As UAG checks certificates and CRL, where IAG really didn't this can be new to most people who have experienced IAG.
No comments:
Post a Comment