Client SSL Proxy Configuration

> This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--B_3323348685_2903263
Content-type: text/plain;
charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable

Hello,
>
> I consume web services from an outside-of-my-firewall SSL server that req=
uires
> clients to be SSL-authenticated (clients must pre-register). My applicat=
ion
> server resides inside of my firewall. I would like to access the
> aforementioned web services through a proxy in order to not expose my int=
ernal
> server hostname to the outside world. I have tried to setup my SSL conne=
ction
> (e.g., using my client certificate, trusting the web service provider) fr=
om
> within my internal application server w/ the client certificate generated=
for
> the proxy (as opposed to the hidden application) server but the SSL serve=
r
> would not fall for it.
>
> Assuming that my initial approach is not possible, I would like to use an
> apache http server as my proxy-server/SSL-client. My goal is to keep thi=
s
> apache server thin (i.e., only configuration, no extra java code). Is th=
ere a
> way to configure mod_proxy and (specially) mod_ssl to do this very thing?
>
> Here=B9s my proxy.conf template:
>
> ProxyRequests On
> <Proxy *>
> Order deny,allow
> Deny from all
> Allow from internal_ip_address
> </Proxy>
>
> Cheers,
>
> John.


--B_3323348685_2903263
Content-type: text/html;
charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable

<HTML>
<HEAD>
<TITLE>Client SSL Proxy Configuration</TITLE>
</HEAD>
<BODY>
<FONT FACE=3D"Calibri, Verdana, Helvetica, Arial"><SPAN STYLE=3D'font-size:11pt=
'>Hello,<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE=3D"Calibri, Verdana, Helvetica, Arial"><=
SPAN STYLE=3D'font-size:11pt'><BR>
I consume web services from an outside-of-my-firewall SSL server that requi=
res clients to be SSL-authenticated (clients must pre-register).  My ap=
plication server resides inside of my firewall.  I would like to access=
the aforementioned web services through a proxy in order to not expose my i=
nternal server hostname to the outside world.  I have tried to setup my=
SSL connection (e.g., using my client certificate, trusting the web service=
provider) from within my internal application server w/ the client certific=
ate generated for the proxy (as opposed to the hidden application) server bu=
t the SSL server would not fall for it.  <BR>
<BR>
Assuming that my initial approach is not possible, I would like to use an a=
pache http server as my proxy-server/SSL-client.  My goal is to keep th=
is apache server thin (i.e., only configuration, no extra java code).  =
Is there a way to configure mod_proxy and (specially) mod_ssl to do this ver=
y thing?<BR>
<BR>
Here’s my proxy.conf template:<BR>
<BR>
ProxyRequests On<BR>
<Proxy *><BR>
   Order deny,allow<BR>
    Deny from all<BR>
    Allow from <I>internal_ip_address<BR>
</I></Proxy><BR>
<BR>
Cheers,<BR>
<BR>
John.<BR>
</SPAN></FONT></BLOCKQUOTE>
</BODY>
</HTML>


--B_3323348685_2903263--

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
John Jimenez [ Do, 23 April 2009 23:24 ] [ ID #1998921 ]
Webserver » gmane.comp.apache.mod-ssl.user » Client SSL Proxy Configuration

Vorheriges Thema: Restricting access by arbitrary certificate extension
Nächstes Thema: SSLRequireSSL Ineffective

[ Startseite ] [ Administrator ] [ Suche ] [ Hinweise ] [ Impressum ]

Powered by FudForum