On 12/14/06, frank rittinger <frank.rittinger@xxxxxxxxxxxxxxxxxxxx> wrote:
Thanks for the answer, As far as I understand it, this would mean that the client talks to my proxy with one certificate and then the proxy decrypts and encrypts the request and uses the original servers certificate to communicate with the original server, i.e. Client ----- cert A ---> Proxy ----> cert B ----> Server What I would like is: Client ----- cert B ---> Proxy ----> cert B ----> Server Without the Proxy "reading" the request, simply passing it on. Is this possible at all? I have to put the proxy in the middle without changing certificates.
This goes a little beyond my level of expertise, but... If you don't want the proxy decrypting the traffic, then you don't want an HTTP proxy, you want a port-forwarder. Just tell your OS or firewall to forward port 443 on to the back-end server. But remember that a certificate is associated with a particular hostname, so you'll need to be careful to get that right. (In the case of a foward-proxy, there is actually a specific provision for this in the form of the CONNECT method. But that won't work in a reverse-proxy situation.) Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|