On Tue, Mar 31, 2009 at 12:35 PM, an...@iguanait.com <an...@iguanait.com> wrote:
> I know how to create a reverse proxy for HTTP -> HTTP, but i don't know > how to do it for HTTP to HTTPS. I know there is a SSLProxyengine that i > should activate, but probably i need to do more than these to get > working this. You need to enable Apache as an SSL client. This is what I wrote about on this list last year: Apache can't proxy to https urls out of the box. You need to do some work. you need to add the following to your config. # turn on SSL proxying. SSLProxyEngine On # to tell Apache where to find CA certificates to check remote server certificates with: # (You can choose yourself where you put these certificates) SSLProxyCACertificatePath /path/to/ca/certificates. Then in this path you need to put the CA certificate(s) used to sign the certificate(s) used by the server(s) you communicate with. If you want to talk to a server that uses a "self signed" certificate you will need to put it in this dir too. Once you've done that you need to run c_rehash in that directory. c_rehash is part of a standard openssl distribution. c_rehash creates hashed aliases in this dir. Apache needs these. In order to test if everything is there you can do the following: openssl s_client -CApath /path/to/ca/certificates -connect remoteserver:8443 if the conenction succeeds just try to do a GET /abc/ and see if you get something. If this test is succesfull apache should work too. Krist -- krist.vanbes...@gmail.com kr...@vanbesien.org Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
