Client SSL Proxy Configuration

> This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--B_3323348685_2903263
Content-type: text/plain;
charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable

Hello,
>=20
> I consume web services from an outside-of-my-firewall SSL server that req=
uires
> clients to be SSL-authenticated (clients must pre-register). My applicat=
ion
> server resides inside of my firewall. I would like to access the
> aforementioned web services through a proxy in order to not expose my int=
ernal
> server hostname to the outside world. I have tried to setup my SSL conne=
ction
> (e.g., using my client certificate, trusting the web service provider) fr=
om
> within my internal application server w/ the client certificate generated=
for
> the proxy (as opposed to the hidden application) server but the SSL serve=
r
> would not fall for it.
>=20
> Assuming that my initial approach is not possible, I would like to use an
> apache http server as my proxy-server/SSL-client. My goal is to keep thi=
s
> apache server thin (i.e., only configuration, no extra java code). Is th=
ere a
> way to configure mod_proxy and (specially) mod_ssl to do this very thing?
>=20
> Here=B9s my proxy.conf template:
>=20
> ProxyRequests On
>
> Order deny,allow
> Deny from all
> Allow from internal_ip_address
>
>=20
> Cheers,
>=20
> John.


--B_3323348685_2903263
Content-type: text/html;
charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable






'>Hello,

<=
SPAN STYLE=3D'font-size:11pt'>

I consume web services from an outside-of-my-firewall SSL server that requi=
res clients to be SSL-authenticated (clients must pre-register).  My ap=
plication server resides inside of my firewall.  I would like to access=
the aforementioned web services through a proxy in order to not expose my i=
nternal server hostname to the outside world.  I have tried to setup my=
SSL connection (e.g., using my client certificate, trusting the web service=
provider) from within my internal application server w/ the client certific=
ate generated for the proxy (as opposed to the hidden application) server bu=
t the SSL server would not fall for it.  



Assuming that my initial approach is not possible, I would like to use an a=
pache http server as my proxy-server/SSL-client.  My goal is to keep th=
is apache server thin (i.e., only configuration, no extra java code).  =
Is there a way to configure mod_proxy and (specially) mod_ssl to do this ver=
y thing?



Here’s my proxy.conf template:



ProxyRequests On

<Proxy *>

   Order deny,allow

    Deny from all

    Allow from internal_ip_address

</Proxy>



Cheers,



John.