From: dummy@habmalnefrage.de
To: users@httpd.apache.org
Date: Sat, 13 Jun 2009 17:41:44 +0200
Message-ID: <20090613154144.242390@gmx.net>
Subject: [users@httpd] man-in-the-middle https proxy

Hi all,

I have an Apache2 + mod_ssl + havp + squid setup deployed as a transparent HTTPS proxy with a virus scanner. Since mod_ssl is only able to host one hostname-based SSL certificate per IP, I'm looking for a solution to host multiple hostnames with dynamically generated certificates, based on and certified by a trusted proxy CA on the fly.

This seems like a man-in-the-middle attack by a bad guy, but it will be deployed in practice in a trusted company net, which should be protected against HTTPS virus deployment.

Has anybody seen a similar solution, or does anybody know how to patch mod_ssl, or maybe know of a mod_ssl fork which realises this? Astaro firewall has such a commercial solution, based on closed source.

Regards
Dirk

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
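The on-the-fly certificates asked about above come down to issuing, for each requested hostname, a leaf certificate signed by the proxy's own CA. The following is an added Go example using only the standard library; it is not mod_ssl code and not part of the original message, and `Issue`, `TrustedBy` and every name in it are constructed for illustration. It shows that such a certificate validates only for a client that has the proxy CA installed as a trusted root.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issue makes a key and a one-day certificate for name; a nil ca creates the self-signed proxy CA itself.
func Issue(name string, ca *x509.Certificate, caKey *rsa.PrivateKey) (cert *x509.Certificate, key *rsa.PrivateKey, err error) {
	key, kerr := rsa.GenerateKey(rand.Reader, 2048)
	serial, serr := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)) // random, not sequential
	if kerr != nil || serr != nil {
		return nil, nil, fmt.Errorf("key: %v, serial: %v", kerr, serr)
	}
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ca == nil, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	if ca == nil { // self-signed root: allowed to sign certificates, nothing else
		ca, caKey, tmpl.KeyUsage = tmpl, key, x509.KeyUsageCertSign
	} else { // leaf: TLS server certificate for exactly one DNS name
		tmpl.DNSNames, tmpl.ExtKeyUsage = []string{name}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err == nil {
		cert, err = x509.ParseCertificate(der)
	}
	return cert, key, err
}

// TrustedBy reports whether a client whose only trusted root is root accepts leaf for host.
func TrustedBy(leaf, root *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err == nil
}

func main() {
	ca, caKey, err := Issue("Example Proxy CA", nil, nil) // constructed names, throwaway keys
	if err != nil {
		panic(err)
	}
	leaf, _, err := Issue("www.example.com", ca, caKey)
	fmt.Println("issue error:", err, "accepted with proxy CA as root:", err == nil && TrustedBy(leaf, ca, "www.example.com"))
}
```

Whoever holds the CA key can issue a certificate for any hostname that these clients will accept, so in a deployment like the one described the key stays on the proxy and the CA is trusted only on managed clients.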