JustM Posted June 8, 2011 Share Posted June 8, 2011 Hi everyone I in need for some advice on setting up two-way ssl. At the company I work for I'm tasked with looking into two-way ssl between an apache proxy and a client. I understand it's all about trust between the two but I can't seem to find a good starting point on how to setup a basic config. My best guess is to first fully understand how openssl works (currently reading an ebook about it) But can someone please point me in the right direction to maybe a good howto or ebook wich covers the setup of two-way ssl so I can build a dev environment? I haven't found anything useful yet through google searches but maybe I'm querying it the wrong way. I did find a bunch of one-way SSL tutorials so I'm starting with those to see if I can figure it out this way but any help would be much appreciated. Regards Marco Quote Link to comment Share on other sites More sharing options...
digip Posted June 8, 2011 Share Posted June 8, 2011 (edited) If you have installed the certificate properly on the apache server, you can also add a rule to .htaccess to force the use of https instead of http. Problem is, https uses 443 by default, while most proxy servers use 8080, so not sure how that factors into setup, or if you can just use/try https://yourproxy.com:8080/ and still get the SSL working in this manner. http://www.besthostratings.com/articles/force-ssl-htaccess.html has some examples, but I imagine you can just add the proxy port number in with the https string. http://www.google.com/search?num=50&hl=en&newwindow=1&safe=off&biw=1436&bih=740&q=howto+setup+SSL+%22apache+proxy%22&btnG=Search http://www.google.com/search?hl=en&source=hp&biw=1436&bih=740&q=howto+setup+SSL+end+to+end&btnG=Google+Search Edited June 8, 2011 by digip Quote Link to comment Share on other sites More sharing options...
Jason Cooper Posted June 8, 2011 Share Posted June 8, 2011 At the company I work for I'm tasked with looking into two-way ssl between an apache proxy and a client. I assume you are referring to two way ssl authentication. For this not only will the apache proxy need an ssl certificate but so will each client that is connecting. This SSL Tutorial might be useful for you. Quote Link to comment Share on other sites More sharing options...
JustM Posted June 8, 2011 Author Share Posted June 8, 2011 Thank you digip for your reply. Not exactly what I was looking for but thanks for the info and searches. Jason. That tutorial perfectly covers what l'm looking for. Even the self signed ca. I'll report back when I tried the tutorial. Thanks Marco Quote Link to comment Share on other sites More sharing options...
Sparda Posted June 8, 2011 Share Posted June 8, 2011 I think this is what you are looking for: http://www.freebsddiary.org/openssl-client-authentication.php Quote Link to comment Share on other sites More sharing options...
JustM Posted June 8, 2011 Author Share Posted June 8, 2011 Perfect I can use that info to. Thanks for the effort This is the setup I eventualy hope to configure customers apache proxy <-> two-way ssl <-> our apache proxy <-> one way ssl <-> weblogic server The one way ssl part is already working Quote Link to comment Share on other sites More sharing options...
JustM Posted June 9, 2011 Author Share Posted June 9, 2011 Hi all, thanks for all the help i'v got a test environment running. I mainly used the info from Jasons post cause this tutorial was more up-to-date. But still thanks for the effort Sparda Quote Link to comment Share on other sites More sharing options...
JustM Posted June 20, 2011 Author Share Posted June 20, 2011 Just a little update: The two-way SSL is working perfectly in production. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted June 20, 2011 Share Posted June 20, 2011 (edited) Just a little update: The two-way SSL is working perfectly in production. I know there are plenty of articles on the internet about one way or two way SSL. Though it would be nice if you could post a small how to, so that it could help other users in the future. Edited June 20, 2011 by Infiltrator Quote Link to comment Share on other sites More sharing options...
JustM Posted June 20, 2011 Author Share Posted June 20, 2011 I would be glad to make a small how-to. But all I did is follow this how-to provided by Jason. Which is short by it's self. http://linuxconfig.org/apache-web-server-ssl-authentication It takes about 10 minutes to completely setup everything up from scratch. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted June 20, 2011 Share Posted June 20, 2011 I would be glad to make a small how-to. But all I did is follow this how-to provided by Jason. Which is short by it's self. http://linuxconfig.org/apache-web-server-ssl-authentication It takes about 10 minutes to completely setup everything up from scratch. No problems, I overlooked his post. Quote Link to comment Share on other sites More sharing options...
JustM Posted June 20, 2011 Author Share Posted June 20, 2011 ;) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.