It's just an old set up that we don't want to change but what we want to do is add client certification on the backend server as the certificates sit on the backend server and not on the proxy.
Obviously, SSL protects traffic from any tampering by proxy. However, proxy can pass traffic through as-is when asked with CONNECT method; it might solve your problem depending on what this problem is (why do you need proxy in the first place?).
--
With Best Regards,
Marat Khalili
On 01/07/15 17:23, pankit thapar wrote:
Yes, the above link provides a directive to authenticate proxy which is not what I am looking for.I actually thought that I could use connect protol to create a tunnel from client through proxy to the backend server.What do you think about that?
On Wed, Jul 1, 2015 at 5:05 AM, Daniel <dferradal@xxxxxxxxx> wrote:
You can make your proxy identify with a specific key-cert combination with:
SSLProxyMachineCertificateFile
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxymachinecertificatefile
But "passthrough" as you say, that's not how proxy works AFAIK.--
2015-06-30 23:57 GMT+02:00 pankit thapar <thapar.pankit@xxxxxxxxx>:
PankitThanks,Please let me know if someone has an idea on this.So, basically I want apache proxy to act as a man in the middle and just forward the https request as it is.The above figure is what I want to set up.Client---https--->Proxy(:443)---https--->BackEnd(:PORT)Scenario:Hi,I wanted to know if there is a way to pass on the client cert as it is to a backend server through an apache proxy without using the SSL headers.
Daniel FerradalIT Specialist
email dferradal at gmail.comlinkedin es.linkedin.com/in/danielferradal
|