httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matus UHLAR - fantomas <uh...@fantomas.sk>
Subject Re: [users@httpd] Client certificate authentication on tunneling proxy
Date Wed, 27 Jan 2010 16:19:38 GMT
> Igor Cicimov wrote:
>> So you are trying to connect to port 80 on the server not 443? The SSL  
>> host listens to 443 so what do you expect to happen when you connect to 
>> port 80 as shown in your test? Have you redirected the port 80 to 443 
>> in your configuration or what? 

On 21.01.10 18:33, Andrei T wrote:
> I am trying to connect to apache through SSL (port 443) and tell it to  
> create a tunnel to some other server listening on port 80.

why a tunnel? Who would create the tunnel? While It's possible, I don't know
of any browser that could do that.

>> You have also mentioned client certificates so have you tried importing 
>> that certificate in some browser and test the connection?

> I have not tried fiddling with client certificates yet. There is no  
> point in trying it if apache is not working even without them. My  
> understanding that client certificate verification is possible only  
> through an SSL connection. That's why I am trying to make apache run in  
> HTTPS mode for proxying.

You can configure apache so that it would behave as proxy, https on
receiving side with client certificate verification and proxying to another
tunnels. Client would think that your apachs is the server.

You also could configure apache as proxy accessible through https (but
clients afaik don't support https proxy) and configure clients to use this
apache as proxy. But they would not issue CONNECT to port 80.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message