Apache Two-way Ssl

[JustM]

Hi everyone I in need for some advice on setting up two-way ssl.

At the company I work for I'm tasked with looking into two-way ssl between an apache proxy and a client.

I understand it's all about trust between the two but I can't seem to find a good starting point on how to setup a basic config.

My best guess is to first fully understand how openssl works (currently reading an ebook about it)

But can someone please point me in the right direction to maybe a good howto or ebook wich covers the setup of two-way ssl so I can build a dev environment?

I haven't found anything useful yet through google searches but maybe I'm querying it the wrong way.

I did find a bunch of one-way SSL tutorials so I'm starting with those to see if I can figure it out this way but any help would be much appreciated.

Regards

Marco

[digip]

If you have installed the certificate properly on the apache server, you can also add a rule to .htaccess to force the use of https instead of http. Problem is, https uses 443 by default, while most proxy servers use 8080, so not sure how that factors into setup, or if you can just use/try https://yourproxy.com:8080/ and still get the SSL working in this manner.

http://www.besthostratings.com/articles/force-ssl-htaccess.html has some examples, but I imagine you can just add the proxy port number in with the https string.

http://www.google.com/search?num=50&hl=en&newwindow=1&safe=off&biw=1436&bih=740&q=howto+setup+SSL+%22apache+proxy%22&btnG=Search

http://www.google.com/search?hl=en&source=hp&biw=1436&bih=740&q=howto+setup+SSL+end+to+end&btnG=Google+Search

Edited June 8, 2011 by digip

[Jason Cooper]

At the company I work for I'm tasked with looking into two-way ssl between an apache proxy and a client.

I assume you are referring to two way ssl authentication. For this not only will the apache proxy need an ssl certificate but so will each client that is connecting.

This SSL Tutorial might be useful for you.

[JustM]

Thank you digip for your reply. Not exactly what I was looking for but thanks for the info and searches.

Jason. That tutorial perfectly covers what l'm looking for.

Even the self signed ca.

I'll report back when I tried the tutorial.

Thanks

Marco

[Sparda]

I think this is what you are looking for:

http://www.freebsddiary.org/openssl-client-authentication.php

[JustM]

Perfect I can use that info to. Thanks for the effort

This is the setup I eventualy hope to configure

customers apache proxy <-> two-way ssl <-> our apache proxy <-> one way ssl <-> weblogic server

The one way ssl part is already working

[JustM]

Hi all, thanks for all the help i'v got a test environment running.

I mainly used the info from Jasons post cause this tutorial was more up-to-date.

But still thanks for the effort Sparda

[JustM]

Just a little update:

The two-way SSL is working perfectly in production.

[Infiltrator]

Just a little update:

The two-way SSL is working perfectly in production.

I know there are plenty of articles on the internet about one way or two way SSL. Though it would be nice if you could post a small how to, so that it could help other users in the future.

Edited June 20, 2011 by Infiltrator

[JustM]

I would be glad to make a small how-to.

But all I did is follow this how-to provided by Jason. Which is short by it's self.

http://linuxconfig.org/apache-web-server-ssl-authentication

It takes about 10 minutes to completely setup everything up from scratch.

[Infiltrator]

I would be glad to make a small how-to.

But all I did is follow this how-to provided by Jason. Which is short by it's self.

http://linuxconfig.org/apache-web-server-ssl-authentication

It takes about 10 minutes to completely setup everything up from scratch.

No problems, I overlooked his post.

[JustM]

;)