On 12/14/06, frank rittinger <[EMAIL PROTECTED]> wrote:
Thanks for the answer,
As far as I understand it, this would mean that the client talks to my proxy
with one certificate and then the proxy decrypts and encrypts the request and
uses the original servers certificate to communicate with the original server,
i.e.
Client ----- cert A ---> Proxy ----> cert B ----> Server
What I would like is:
Client ----- cert B ---> Proxy ----> cert B ----> Server
Without the Proxy "reading" the request, simply passing it on.
Is this possible at all?
I have to put the proxy in the middle without changing certificates.
This goes a little beyond my level of expertise, but...
If you don't want the proxy decrypting the traffic, then you don't
want an HTTP proxy, you want a port-forwarder. Just tell your OS or
firewall to forward port 443 on to the back-end server. But remember
that a certificate is associated with a particular hostname, so you'll
need to be careful to get that right.
(In the case of a foward-proxy, there is actually a specific provision
for this in the form of the CONNECT method. But that won't work in a
reverse-proxy situation.)
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
