Igor Cicimov wrote:
So you are trying to connect to port 80 on the server not 443? The SSL host listens to 443 so what do you expect to happen when you connect to port 80 as shown in your test? Have you redirected the port 80 to 443 in your configuration or what?
I am trying to connect to apache through SSL (port 443) and tell it to create a tunnel to some other server listening on port 80. I tried the same for target port 443 as well. The actual protocol between client and target is not important - I want apache to establish a tunnel. This works well when apache is running in plain HTTP (not HTTPS) mode.
http://en.wikipedia.org/wiki/HTTP_tunnel
You have also mentioned client certificates so have you tried importing that certificate in some browser and test the connection?
I have not tried fiddling with client certificates yet. There is no point in trying it if apache is not working even without them. My understanding that client certificate verification is possible only through an SSL connection. That's why I am trying to make apache run in HTTPS mode for proxying.
On Thu, Jan 21, 2010 at 12:35 PM, Andrei T <magistrator@xxxxxx <mailto:magistrator@xxxxxx>> wrote:Hi, I am trying to figure out if it is possible to configure Apache (any version) so that it would work as a tunneling proxy for HTTPS servers such that it would also verify the client certificates used to access those servers. The goal is to protect servers on the internal network from unauthorized access (even if the certificate check on the target server fails and connection will be broken). I tried configuring HTTPS virtual host on Apache so that it accepts proxy tunneling requests and the server starts up fine, but it fails to handle the CONNECT requests. The connection just closes with no error appearing in the apache log. I used telnet-ssl to connect to Apache and passed the following request: CONNECT target-server:80 HTTP/1.1 Host: target-server:80 The same worked fine when I connected to Apache through plain HTTP. The Apache 2.2.8 (OpenSUSE 11.0) config I am using is: <VirtualHost _default_:443> ProxyRequests On AllowCONNECT 443 80 ErrorLog /var/log/apache2/error_log TransferLog /var/log/apache2/access_log CustomLog /var/log/apache2/ssl_request_log ssl_combined SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache2/ssl.key/server.key </VirtualHost> Any help would be appreciated. Thanks,-- Andrei T--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx <mailto:users-unsubscribe@xxxxxxxxxxxxxxxx> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx <mailto:users-digest-unsubscribe@xxxxxxxxxxxxxxxx> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx <mailto:users-help@xxxxxxxxxxxxxxxx>
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|