httpd-users mailing list archives

From Melanie Pfefer <melanie_pfe...@yahoo.co.uk>
Subject Re: [users@httpd] url proxying
Date Sun, 13 Apr 2008 21:32:42 GMT
Hi Krist, all,

To use c_rehash, I must have .pem and .crt files. Correct me if I am wrong please. The remote
server has a self-signed certificate that was generated using keytool (http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html)
so the file generated is .keytool. Should I generate .pem and .crt files to run c_rehash?
If so, how?


On another front, I understand from you that I can have Apache as a proxy server that talks
SSL with the backend and non-SSL with the end user (in the URL, the user puts http not https
even if the backend server is accessed via https). Correct me if I am wrong please.

thanks.


--- On Fri, 11/4/08, Krist van Besien <krist.vanbesien@gmail.com> wrote:

> From: Krist van Besien <krist.vanbesien@gmail.com>
> Subject: Re: [users@httpd] url proxying
> To: users@httpd.apache.org, melanie_pfefer@yahoo.co.uk
> Date: Friday, 11 April, 2008, 4:28 PM
> On Fri, Apr 11, 2008 at 9:48 AM, Melanie Pfefer
> <melanie_pfefer@yahoo.co.uk> wrote:
> > Hi everybody,
> >
> >  I want to enable proxying from apache to a tomcat application running on ssl.
> >
> >  Redirection is working:
> >  RewriteRule /abc/  https://remoteserver:8443/abc/ [R=301,L]
> >
> >
> >  But proxying is not:
> >  RewriteRule /abc/  https://remoteserver:8443/abc/ [P,L]
> >
> >  In redirection:
> >  http://myapache/abc/ goes to https://remoteserver:8443/abc/ but this is shown in the url
> >  which is not my intention.
> >
> >  Any idea how to fix the proxying?
> >  thanks
>
> Apache can't proxy to https urls out of the box. You need to do some work.
>
> You need to add the following to your config.
>
> # turn on SSL proxying.
> SSLProxyEngine On
>
> # to tell Apache where to find CA certificates to check remote server certificates with:
> # (You can choose yourself where you put these certificates)
> SSLProxyCACertificatePath /path/to/ca/certificates
>
> Then in this path you need to put the CA certificate(s) used to sign
> the certificate(s) used by the server(s) you communicate with. If you
> want to talk to a server that uses a "self signed" certificate you
> will need to put it in this dir too.
>
> Once you've done that you need to run c_rehash in that directory.
> c_rehash is part of a standard openssl distribution. c_rehash creates
> hashed aliases in this dir. Apache needs these.
>
> In order to test if everything is there you can do the following:
>
> openssl s_client -CApath /path/to/ca/certificates -connect remoteserver:8443
>
> If the connection succeeds just try to do a
> GET /abc/
>
> and see if you get something. If all goes well it should work for apache also.
>
> Krist
>
> -- 
> krist.vanbesien@gmail.com
> krist@vanbesien.org
> Bremgarten b. Bern, Switzerland
> --
> A: It reverses the normal flow of conversation.
> Q: What's wrong with top-posting?
> A: Top-posting.
> Q: What's the biggest scourge on plain text email discussions?
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
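
What the hashed aliases in an SSLProxyCACertificatePath directory are and how a binary certificate export ends up as PEM there, as an added example that is not part of either message: it creates by hand the kind of `<subject-hash>.N` link that c_rehash creates and checks that a `-CApath` lookup then finds the certificate. The function names, file names and the CN are constructed, and a DER file written by openssl stands in for a certificate exported from the Tomcat keystore with `keytool -exportcert`.

```shell
#!/bin/sh
# Added example. File names and the CN are constructed for the demo.

# install_ca_cert SRC DIR
# Copy certificate SRC (PEM or DER) into DIR as PEM and create the
# <subject-hash>.N symlink that c_rehash would create. Prints the link name.
install_ca_cert() {
    src=$1 dir=$2
    name=$(basename "${src%.*}").pem
    # keytool -exportcert writes binary DER unless -rfc is given.
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$src"; then form=PEM; else form=DER; fi
    openssl x509 -inform "$form" -in "$src" -out "$dir/$name" || return 1
    hash=$(openssl x509 -in "$dir/$name" -noout -hash) || return 1
    n=0   # certificates whose subjects hash alike get .0, .1, .2, ...
    while [ -e "$dir/$hash.$n" ]; do n=$((n + 1)); done
    ln -s "$name" "$dir/$hash.$n" && echo "$hash.$n"
}

# trusted DIR CERT: succeed if CERT chains to a certificate that openssl
# finds in DIR through the hashed names (the lookup -CApath performs).
trusted() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# demo: the directory must reject the certificate before the hashed link
# exists and accept it afterwards. Prints the link name that was created.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/ca"
    # Constructed self-signed certificate standing in for the Tomcat one.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=remoteserver \
        -keyout "$work/key.pem" -out "$work/server.pem" 2>/dev/null || return 1
    # Stand-in for keytool's default (DER) export format.
    openssl x509 -in "$work/server.pem" -outform DER -out "$work/tomcat.cer"
    rc=0
    trusted "$work/ca" "$work/server.pem" && rc=1     # must fail: no link yet
    install_ca_cert "$work/tomcat.cer" "$work/ca" || rc=1
    trusted "$work/ca" "$work/server.pem" || rc=1     # must pass now
    rm -rf "$work"
    return $rc
}

demo
```

Running `c_rehash DIR` (or `openssl rehash DIR` with OpenSSL 1.1.0 and later) creates these links for every certificate in the directory at once.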

