Do we need a certificate for App A to talk to App B on the same server?
I would like to get some advice if we need to secure the communication between either Application A talking to Application B on the same server or an Application talking to a Database on the same physical box/server. For the purpose of discussion
let's say these are IIS web apps running on Windows Server 2008 R2. And for the sake of discussion lets just say we are passing
Personally Identifiable Information (PII) data/information.
Keep in mind the servers are in a secure computer room, and yes we use passwords to log in to the operating system and perhaps even passwords to log in to those applications and to that database. Now when users access this information from the
browsers on their workstations of course it's a SSL connection using a certificate, but my question is should we use certificates for intraserver communication?
February 25th, 2011 4:48pm
No, because there is no actual network traffic (even though there is loopback network adapter).http://en-us.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
February 26th, 2011 12:44pm
Thank you, I agree, I was just looking for some validation.
March 1st, 2011 4:30pm