Client SSL Proxy Configuration
am 23.04.2009 23:24:45 von John Jimenez> This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
--B_3323348685_2903263
Content-type: text/plain;
charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
Hello,
>=20
> I consume web services from an outside-of-my-firewall SSL server that req=
uires
> clients to be SSL-authenticated (clients must pre-register). My applicat=
ion
> server resides inside of my firewall. I would like to access the
> aforementioned web services through a proxy in order to not expose my int=
ernal
> server hostname to the outside world. I have tried to setup my SSL conne=
ction
> (e.g., using my client certificate, trusting the web service provider) fr=
om
> within my internal application server w/ the client certificate generated=
for
> the proxy (as opposed to the hidden application) server but the SSL serve=
r
> would not fall for it.
>=20
> Assuming that my initial approach is not possible, I would like to use an
> apache http server as my proxy-server/SSL-client. My goal is to keep thi=
s
> apache server thin (i.e., only configuration, no extra java code). Is th=
ere a
> way to configure mod_proxy and (specially) mod_ssl to do this very thing?
>=20
> Here=B9s my proxy.conf template:
>=20
> ProxyRequests On
>
> Order deny,allow
> Deny from all
> Allow from internal_ip_address
>
>=20
> Cheers,
>=20
> John.
--B_3323348685_2903263
Content-type: text/html;
charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
'>Hello,
<=
SPAN STYLE=3D'font-size:11pt'>
I consume web services from an outside-of-my-firewall SSL server that requi=
res clients to be SSL-authenticated (clients must pre-register). My ap=
plication server resides inside of my firewall. I would like to access=
the aforementioned web services through a proxy in order to not expose my i=
nternal server hostname to the outside world. I have tried to setup my=
SSL connection (e.g., using my client certificate, trusting the web service=
provider) from within my internal application server w/ the client certific=
ate generated for the proxy (as opposed to the hidden application) server bu=
t the SSL server would not fall for it.
Assuming that my initial approach is not possible, I would like to use an a=
pache http server as my proxy-server/SSL-client. My goal is to keep th=
is apache server thin (i.e., only configuration, no extra java code). =
Is there a way to configure mod_proxy and (specially) mod_ssl to do this ver=
y thing?
Here’s my proxy.conf template:
ProxyRequests On
<Proxy *>
Order deny,allow
Deny from all
Allow from internal_ip_address
</Proxy>
Cheers,
John.
--B_3323348685_2903263--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org