Client certificate authentication on tunneling proxy

Hi,

I am trying to figure out if it is possible to configure Apache (any version) so that it would work as a tunneling proxy for HTTPS servers such that it would also verify the client certificates used to access those servers. The goal is to protect servers on the internal network from unauthorized access (even if the certificate check on the target server fails and the connection will be broken).

I tried configuring an HTTPS virtual host on Apache so that it accepts proxy tunneling requests and the server starts up fine, but it fails to handle the CONNECT requests. The connection just closes with no error appearing in the Apache log.

I used telnet-ssl to connect to Apache and passed the following request:
CONNECT target-server:80 HTTP/1.1
Host: target-server:80

The same worked fine when I connected to Apache through plain HTTP.

The Apache 2.2.8 (OpenSUSE 11.0) config I am using is:

<VirtualHost _default_:443>
        ProxyRequests On
        AllowCONNECT 443 80

        ErrorLog /var/log/apache2/error_log
        TransferLog /var/log/apache2/access_log
        CustomLog /var/log/apache2/ssl_request_log ssl_combined

        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/apache2/ssl.crt/server.crt
        SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
</VirtualHost>

Any help would be appreciated.

Thanks,
--
Andrei T
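
The design asked about above (a TLS listener that demands a client certificate, then honours CONNECT only for allowed ports), sketched as an added example in Python rather than Apache configuration. It is not code from the post or from the Apache project; all function names are hypothetical and the certificate paths are supplied by the caller.

```python
import select
import socket
import ssl

ALLOWED_PORTS = {443, 80}  # mirrors "AllowCONNECT 443 80" in the posted config

def make_server_context(cert, key, client_ca):
    """Listener context: the handshake fails unless the client presents a cert signed by client_ca."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    ctx.load_verify_locations(client_ca)
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def parse_connect(head, allowed_ports=ALLOWED_PORTS):
    """Return (host, port, early_data) for a complete CONNECT head, else raise ValueError."""
    head, sep, early = head.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("ascii").split(" ")
    if not sep or len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/1."):
        raise ValueError("not a complete CONNECT request")
    host, colon, port = parts[1].rpartition(":")
    if not (colon and host and port.isdigit()) or int(port) not in allowed_ports:
        raise ValueError("target missing or port not allowed")
    return host, int(port), early

def relay(client, upstream):
    """Copy bytes both ways until either side closes; pending() covers data already decrypted."""
    while True:
        ready = [client] if client.pending() else select.select([client, upstream], [], [])[0]
        for src in ready:
            if not (data := src.recv(65536)):
                return
            (upstream if src is client else client).sendall(data)

def handle(client):
    """client: an accepted ssl.SSLSocket, so its certificate chain has already been verified."""
    head = b""
    try:
        while b"\r\n\r\n" not in head and len(head) < 8192 and (chunk := client.recv(4096)):
            head += chunk
        host, port, early = parse_connect(head)
        with socket.create_connection((host, port), timeout=10) as upstream:
            client.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
            upstream.sendall(early)  # bytes the client sent right after the request head
            relay(client, upstream)
    except (ValueError, OSError):
        pass  # malformed request, disallowed port or I/O error: drop the connection
    finally:
        client.close()
```

A listener wraps its accepted sockets with `make_server_context(...).wrap_socket(conn, server_side=True)` before calling `handle`, so a client without a valid certificate never reaches the CONNECT parser.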

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.