It's just an old set up that we don't want to change but what we want to do is add client certification on the backend server as the certificates sit on the backend server and not on the proxy. On Jul 1, 2015 7:54 AM, "Marat Khalili" <m...@rqc.ru> wrote:
> Obviously, SSL protects traffic from any tampering by proxy. However, > proxy can pass traffic through as-is when asked with CONNECT method; it > might solve your problem depending on what this problem is (why do you need > proxy in the first place?). > > > -- > > With Best Regards, > Marat Khalili > > On 01/07/15 17:23, pankit thapar wrote: > > Yes, the above link provides a directive to authenticate proxy which is > not what I am looking for. > I actually thought that I could use connect protol to create a tunnel from > client through proxy to the backend server. > What do you think about that? > > On Wed, Jul 1, 2015 at 5:05 AM, Daniel <dferra...@gmail.com> wrote: > >> You can make your proxy identify with a specific key-cert combination >> with: >> SSLProxyMachineCertificateFile >> >> http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxymachinecertificatefile >> >> But "passthrough" as you say, that's not how proxy works AFAIK. >> >> 2015-06-30 23:57 GMT+02:00 pankit thapar <thapar.pan...@gmail.com>: >> >>> Hi, >>> >>> I wanted to know if there is a way to pass on the client cert as it is >>> to a backend server through an apache proxy without using the SSL headers. >>> >>> Scenario: >>> Client---https--->Proxy(:443)---https--->BackEnd(:PORT) >>> >>> The above figure is what I want to set up. >>> So, basically I want apache proxy to act as a man in the middle and >>> just forward the https request as it is. >>> >>> Please let me know if someone has an idea on this. >>> >>> Thanks, >>> Pankit >>> >> >> >> >> -- >> *Daniel Ferradal* >> IT Specialist >> >> email dferradal at gmail.com >> linkedin es.linkedin.com/in/danielferradal >> > > >
