Hi, I'm still trying to get SSL blind tunneling on TS. I've set up TS as a forward proxy, kept the line in remap.config that maps an https request to https on the origin server, and in records.config I have "CONFIG proxy.config.http.connect_ports STRING 443 563". Also, I have commented out the line that specifies my certificate in ssl_multicert.config, because the whole point is to not have the certificate on the proxy.
Now in the browser, a request to the server is automatically a GET and TS gives: SSL ERROR: SSL_ServerHandShake. Probably because it cannot find the certificate. With curl, using a CONNECT method and https scheme, I get the same error. Is there something obvious I'm still doing wrong?

-----Original Message-----
From: Leif Hedstrom [mailto:[email protected]]
Sent: Monday, 26 November 2012 16:17
To: [email protected]
Cc: Geert Lugtenberg
Subject: Re: pass-through proxy

On 11/26/12 3:21 AM, Geert Lugtenberg wrote:
>
> That worked. A follow-up question to this is: Is it possible to remap
> an https request to the origin server also using https, without the
> use of a certificate on traffic server? Content would pass encrypted
> through TS to the client.
>

Not in "reverse proxy", no. This only works if you explicitly have the client set up a forward proxy server, and then the browser will use CONNECT as the method for HTTPS, and ATS will tunnel those requests. This is what others suggested. It sounds like what you want is a simple packet forwarding service, because you would never be able to do anything intelligent on the request on the "proxy" layer (since you can't see it without doing SSL termination in ATS).

-- Leif
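The distinction Leif draws in the thread above, sketched as an added example (not part of the original thread and not Apache Traffic Server code): a proxy can only tunnel blindly when the client's first bytes are a cleartext CONNECT, while a client that opens with a TLS handshake expects the proxy itself to present a certificate. The function and type names are hypothetical, `origin.example` and the sample bytes are constructed, and the port set mirrors the `connect_ports` value quoted in the thread.

```python
# Added illustration; not Apache Traffic Server code.
from typing import NamedTuple, Optional

CONNECT_PORTS = {443, 563}  # mirrors proxy.config.http.connect_ports from the thread


class Decision(NamedTuple):
    action: str              # tunnel | deny | terminate_tls | plain_http | invalid
    target: Optional[tuple]  # (host, port) for CONNECT requests, else None


def classify_first_bytes(data: bytes, connect_ports=CONNECT_PORTS) -> Decision:
    """Decide what a proxy can do from the first bytes a client sends."""
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    # The client is speaking TLS *to the proxy*, which then needs its own
    # certificate to answer; a blind tunnel is not possible on this path.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return Decision("terminate_tls", None)

    line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return Decision("invalid", None)
    method, uri, _version = parts
    if method != "CONNECT":
        # Cleartext request (e.g. GET http://...): the proxy sees everything.
        return Decision("plain_http", None)

    # CONNECT uses authority-form: host:port, with no scheme and no path.
    host, sep, port_s = uri.rpartition(":")
    if not sep or not host or not port_s.isdigit():
        return Decision("invalid", None)
    port = int(port_s)
    if port not in connect_ports:
        return Decision("deny", (host, port))
    # Proxy replies 200, then copies bytes both ways without any certificate.
    return Decision("tunnel", (host, port))


# Constructed sample inputs.
SAMPLES = {
    "forward-proxy HTTPS": b"CONNECT origin.example:443 HTTP/1.1\r\n\r\n",
    "CONNECT to other port": b"CONNECT origin.example:25 HTTP/1.1\r\n\r\n",
    "TLS straight at proxy": bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01]),
    "cleartext GET": b"GET http://origin.example/ HTTP/1.1\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:24} -> {classify_first_bytes(raw)}")
```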
