You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@lenya.apache.org by Pe...@Flagstar.com on 2005/04/13 15:12:53 UTC

Apache to IIS SSL proxy

Good morning list,

        We're in the process of setting up Apache running on Sun Solaris 
in our DMZ, with a reverse proxy connectyion to an IIS application server 
in our internal network. We're doing this because we need IIS to host an 
application, but don't want IIS in our DMZ. So far we've gotten the 
reverse proxy to work, and connected to the Apache server in the DMZ via 
web browser with SSL. We're interested now in an SSL connection from the 
Apache server in the DMZ to the IIS server on the internal network. We 
created a certificate and are about to put it on the DMZ Apache box, but 
how do we get it to automatically accept the certificate? I think it may 
have to do with the SSLProxyCACertificateFile and/or 
SSLProxyCACertificatePath directives. Any help would be appreciated! And 
thank you to Gregor Rothfuss for pointing me in the direction of mod_proxy 
in the first place!



Thanks


Pete Knoll
Web server software support
IS Enterprise Technology
Office: (248) 312-6449


This e-mail may contain data that is confidential, proprietary or "non-public
personal information," as that term is defined in the Gramm-Leach-Bliley Act
(collectively, "Confidential Information"). The Confidential Information is
disclosed conditioned upon your agreement that you will treat it
confidentially and in accordance with applicable law, ensure that such data
isn't used or disclosed except for the limited purpose for which it's being
provided and will notify and cooperate with us regarding any requested or
unauthorized disclosure or use of any Confidential Information. By accepting
and reviewing the Confidential Information you agree to indemnify us against
any losses or expenses, including attorney's fees that we may incur as a
result of any unauthorized use or disclosure of this data due to your acts or
omissions. If a party other than the intended recipient receives this e-mail,
you are requested to instantly notify us of the erroneous delivery and return
to us all data so delivered.

Re: Apache to IIS SSL proxy

Posted by "Gregor J. Rothfuss" <gr...@apache.org>.
Peter.J.Knoll@Flagstar.com wrote:
>         Gregor...would the internal IIS app server that I'm connecting to 
> via reverse proxy be considered the "virtual server" mentioned in the 
> details of the directive?

no, the virtual server pertains to the domain you expose your reverse 
proxy under

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org

Re: Apache to IIS SSL proxy

Posted by Pe...@Flagstar.com.
        Gregor...would the internal IIS app server that I'm connecting to 
via reverse proxy be considered the "virtual server" mentioned in the 
details of the directive?



Thanks


Pete Knoll
Web server software support
IS Enterprise Technology
Office: (248) 312-6449




"Gregor J. Rothfuss" <gr...@apache.org> 
04/13/2005 12:47 PM
Please respond to
"Lenya Users List" <us...@lenya.apache.org>


To
Lenya Users List <us...@lenya.apache.org>
cc

Subject
Re: Apache to IIS SSL proxy






Peter.J.Knoll@Flagstar.com wrote:
>         I looked through the article but don't see anything that applies 

> to my situation - was there a prticular section of the article you're 
> pointing me to? To recap for anyone who didn't see my original post: I 
> have created the IIS certificate and FTPed it to the DMZ Apache server, 
> but still having trouble getting an SSL connection to the IIS server on 
> the inernal network. How do I get the DMZ Apache server to authenticate 
> (accept the certificate) with the internal IIS server?

ah, misread. 
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslproxyengine is what 
you want, plus related config options on that page


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org




This e-mail may contain data that is confidential, proprietary or "non-public
personal information," as that term is defined in the Gramm-Leach-Bliley Act
(collectively, "Confidential Information"). The Confidential Information is
disclosed conditioned upon your agreement that you will treat it
confidentially and in accordance with applicable law, ensure that such data
isn't used or disclosed except for the limited purpose for which it's being
provided and will notify and cooperate with us regarding any requested or
unauthorized disclosure or use of any Confidential Information. By accepting
and reviewing the Confidential Information you agree to indemnify us against
any losses or expenses, including attorney's fees that we may incur as a
result of any unauthorized use or disclosure of this data due to your acts or
omissions. If a party other than the intended recipient receives this e-mail,
you are requested to instantly notify us of the erroneous delivery and return
to us all data so delivered.

Re: Apache to IIS SSL proxy

Posted by "Gregor J. Rothfuss" <gr...@apache.org>.
Peter.J.Knoll@Flagstar.com wrote:
>         I looked through the article but don't see anything that applies 
> to my situation - was there a prticular section of the article you're 
> pointing me to? To recap for anyone who didn't see my original post: I 
> have created the IIS certificate and FTPed it to the DMZ Apache server, 
> but still having trouble getting an SSL connection to the IIS server on 
> the inernal network. How do I get the DMZ Apache server to authenticate 
> (accept the certificate) with the internal IIS server?

ah, misread. 
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslproxyengine is what 
you want, plus related config options on that page


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org

Re: Apache to IIS SSL proxy

Posted by Pe...@Flagstar.com.
        I looked through the article but don't see anything that applies 
to my situation - was there a prticular section of the article you're 
pointing me to? To recap for anyone who didn't see my original post: I 
have created the IIS certificate and FTPed it to the DMZ Apache server, 
but still having trouble getting an SSL connection to the IIS server on 
the inernal network. How do I get the DMZ Apache server to authenticate 
(accept the certificate) with the internal IIS server?



Thanks


Pete Knoll
Web server software support
IS Enterprise Technology
Office: (248) 312-6449




"Gregor J. Rothfuss" <gr...@apache.org> 
04/13/2005 11:55 AM
Please respond to
"Lenya Users List" <us...@lenya.apache.org>


To
Lenya Users List <us...@lenya.apache.org>
cc

Subject
Re: Apache to IIS SSL proxy






Peter.J.Knoll@Flagstar.com wrote:

> created a certificate and are about to put it on the DMZ Apache box, but 

> how do we get it to automatically accept the certificate? I think it may 

> have to do with the SSLProxyCACertificateFile and/or 

http://www.modssl.org/docs/2.8/ssl_howto.html


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org




This e-mail may contain data that is confidential, proprietary or "non-public
personal information," as that term is defined in the Gramm-Leach-Bliley Act
(collectively, "Confidential Information"). The Confidential Information is
disclosed conditioned upon your agreement that you will treat it
confidentially and in accordance with applicable law, ensure that such data
isn't used or disclosed except for the limited purpose for which it's being
provided and will notify and cooperate with us regarding any requested or
unauthorized disclosure or use of any Confidential Information. By accepting
and reviewing the Confidential Information you agree to indemnify us against
any losses or expenses, including attorney's fees that we may incur as a
result of any unauthorized use or disclosure of this data due to your acts or
omissions. If a party other than the intended recipient receives this e-mail,
you are requested to instantly notify us of the erroneous delivery and return
to us all data so delivered.

Re: Apache to IIS SSL proxy

Posted by "Gregor J. Rothfuss" <gr...@apache.org>.
Peter.J.Knoll@Flagstar.com wrote:

> created a certificate and are about to put it on the DMZ Apache box, but 
> how do we get it to automatically accept the certificate? I think it may 
> have to do with the SSLProxyCACertificateFile and/or 

http://www.modssl.org/docs/2.8/ssl_howto.html


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org