Re: Reverse proxy from HTTP to HTTPS or HTTPS to HTTPS how?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks for your reply. 

I expected that i need to tell apache to use some certificates that to
use for this job. Yes we have self-signed certificates in main server
and in the internal server. So i need to take the certs from the
internal server and to put them somewhere on the main server. Then to
configure apache to use these certs for this job.

Have  i understood this correctly ?

On Tue, 2009-03-31 at 13:16 +0200, Krist van Besien wrote:
> On Tue, Mar 31, 2009 at 12:35 PM, anebi@xxxxxxxxxxxx <anebi@xxxxxxxxxxxx> wrote:
> 
> > I know how to create a reverse proxy for HTTP -> HTTP, but i don't know
> > how to do it for HTTP to HTTPS. I know there is a SSLProxyengine that i
> > should activate, but probably i need to do more than these to get
> > working this.
> 
> You need to enable Apache as an SSL client. This is what I wrote about
> on this list last year:
> 
> Apache can't proxy to https urls out of the box. You need to do some work.
> 
> you need to add the following to your config.
> 
> # turn on SSL proxying.
> SSLProxyEngine On
> 
> # to tell Apache where to find CA certificates to check remote server
> certificates with:
> # (You can choose yourself where you put these certificates)
> SSLProxyCACertificatePath /path/to/ca/certificates.
> 
> Then in this path you need to put the CA certificate(s) used to sign
> the certificate(s) used by the server(s) you communicate with. If you
> want to talk to a server that uses a "self signed" certificate you
> will need to put it in this dir too.
> 
> Once you've done that you need to run c_rehash in that directory.
> c_rehash is part of a standard openssl distribution. c_rehash creates
> hashed aliases in this dir. Apache needs these.
> 
> In order to test if everything is there you can do the following:
> 
> openssl s_client -CApath /path/to/ca/certificates -connect remoteserver:8443
> 
> if the conenction succeeds just try to do a
> GET /abc/
> 
> and see if you get something. If this test is succesfull apache should work too.
> 
> Krist
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux