On Fri, Dec 4, 2009 at 6:27 AM, Devraj Mukherjee <devraj@xxxxxxxxx> wrote: > Any ideas if I need to do something special when using ProxyRemote and HTTPS? I asume that since your revers proxy does some content mangling that your clients talk plain http to your proxy? A few thinks to look at: - Does your Squid proxy allow the "CONNECT" http method? - Is apache configured to function as an SSL client? You need at least to enable SSLProxyEngine, and define an SSLProxyCACertificatePath. In the second case you need to add the following to your config: # turn on SSL proxying. SSLProxyEngine On # to tell Apache where to find CA certificates to check remote server # certificates with: # (You can choose yourself where you put these certificates) SSLProxyCACertificatePath /path/to/ca/certificates. Then in this path you need to put the CA certificate(s) used to sign the certificate(s) used by the server(s) you communicate with. If you want to talk to a server that uses a "self signed" certificate you will need to put it in this dir too. Once you've done that you need to run "c_rehash" in that directory. c_rehash is part of a standard openssl distribution. c_rehash creates hashed aliases in this dir. Apache needs these. Krist -- krist.vanbesien@xxxxxxxxx krist@xxxxxxxxxxxxx Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|