On 12/15/06, frank rittinger <frank.rittinger@xxxxxxxxxxxxxxxxxxxx> wrote:
> -----Ursprüngliche Nachricht----- > Von: jslive@xxxxxxxxx [mailto:jslive@xxxxxxxxx] Im Auftrag > > > > If you don't want the proxy decrypting the traffic, then you > don't want an HTTP proxy, you want a port-forwarder. Just > tell your OS or firewall to forward port 443 on to the > back-end server. But remember that a certificate is > associated with a particular hostname, so you'll need to be > careful to get that right. I think that port forwarding will not work, based on domain names (I have multiple domains pointing to the same IP address). I guess, I have to use properly configured certificates and decrypt/encrypt at the proxy...
Well, in general you can't have multiple names on the same IP address when vhosting SSL anyway, since there is no way for the correct certificate to be negotiated. So unless you are doing something very special, you're going to need to rethink the whole strategy. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|