apache reverse proxy ssl - not passing certificate


on 12.09.2002 02:05:04 by Leonard.Jeremy

I posted the following question with comp.infosystems.www.servers.unix but
have received no suggestions.
Do you have a solution?

-----Original Message-----
From: posting-system@google.com [mailto:posting-system@google.com]
Sent: Monday, 9 September 2002 9:34 AM
To: Jeremy, Leonard
Subject: apache reverse proxy ssl - not passing certificate


From: leonard.jeremy@det.nsw.edu.au (Leonard Jeremy)
Newsgroups: comp.infosystems.www.servers.unix
Subject: apache reverse proxy ssl - not passing certificate
NNTP-Posting-Host: 153.107.47.81
Message-ID: <582a52f6.0209081533.450312b6@posting.google.com>

I have set up an apache ssl reverse proxy using v1.3.26 with mod_ssl. This
works but serves a certificate from the reverse proxy to the client instead
of passing through the certificate from the end server. I cannot see a
solution to this on any mail lists. Can anyone help me?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: apache reverse proxy ssl - not passing certificate

on 12.09.2002 08:16:52 by Cliff Woolley

On Thu, 12 Sep 2002, Jeremy, Leonard wrote:

> I have set up an apache ssl reverse proxy using v1.3.26 with mod_ssl. This
> works but serves a certificate from the reverse proxy to the client instead
> of passing through the certificate from the end server.

Yes of course... it does that by design. The certificate contains the
public key; the proxy needs the corresponding private key for whichever
certificate it's going to present to the client. The only private key it
has access to is its own, not the one of the backend server. The only way
to get the backend's certificate through to the client is to either use
the proxy CONNECT method (ie, the proxy just blindly hands packets from
the client to the server without decrypting them) or to not use a proxy at
all.

--Cliff
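
Added example, not part of the original thread: a simplified Python model of the point made in the reply above, that an endpoint can only complete the handshake for a certificate whose private key it holds. The toy RSA keys (built from Mersenne primes, not secure), the host names and every class and function name are assumptions made for illustration.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Toy RSA key from two known primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

class Server:
    """Model of a TLS endpoint: the certificate it presents and the key it holds."""
    def __init__(self, cert_name, cert_n, priv_n, priv_d):
        self.cert = (cert_name, cert_n)             # public: name + public key
        self.priv_n, self.priv_d = priv_n, priv_d   # private key actually held

    def handshake(self, nonce):
        # Proof of possession: sign the client's nonce with the held private key.
        return self.cert, pow(digest(nonce, self.priv_n), self.priv_d, self.priv_n)

class BlindRelay:
    """CONNECT-style passthrough: forwards the handshake without taking part in it."""
    def __init__(self, upstream):
        self.upstream = upstream

    def handshake(self, nonce):
        return self.upstream.handshake(nonce)

def client_connect(endpoint):
    """Returns (certificate name the client sees, whether the proof verified)."""
    nonce = secrets.token_bytes(32)
    (name, n), sig = endpoint.handshake(nonce)
    return name, pow(sig, E, n) == digest(nonce, n)

# Constructed keys and hypothetical host names.
backend_n, backend_d = make_key(2**61 - 1, 2**89 - 1)
proxy_n, proxy_d = make_key(2**107 - 1, 2**127 - 1)

backend = Server("backend.example", backend_n, backend_n, backend_d)
# Reverse proxy terminating SSL: presents its own certificate, signs with its own key.
terminating = Server("proxy.example", proxy_n, proxy_n, proxy_d)
# Reverse proxy presenting the backend's certificate without the backend's key.
mismatched = Server("backend.example", backend_n, proxy_n, proxy_d)

if __name__ == "__main__":
    for label, ep in [("terminating", terminating), ("mismatched", mismatched),
                      ("passthrough", BlindRelay(backend))]:
        print(label, client_connect(ep))
```

Only the passthrough case shows the client the backend's certificate with a handshake that verifies; the terminating proxy verifies only under its own certificate.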
