Apache Two-way Ssl


Hi everyone, I'm in need of some advice on setting up two-way ssl.

At the company I work for I'm tasked with looking into two-way ssl between an apache proxy and a client.

I understand it's all about trust between the two but I can't seem to find a good starting point on how to set up a basic config.

My best guess is to first fully understand how openssl works (currently reading an ebook about it)

But can someone please point me in the right direction to maybe a good howto or ebook which covers the setup of two-way ssl so I can build a dev environment?

I haven't found anything useful yet through google searches but maybe I'm querying it the wrong way.

I did find a bunch of one-way SSL tutorials so I'm starting with those to see if I can figure it out this way but any help would be much appreciated.

Regards

Marco

If you have installed the certificate properly on the apache server, you can also add a rule to .htaccess to force the use of https instead of http. Problem is, https uses 443 by default, while most proxy servers use 8080, so not sure how that factors into setup, or if you can just use/try https://yourproxy.com:8080/ and still get the SSL working in this manner.

http://www.besthostratings.com/articles/force-ssl-htaccess.html has some examples, but I imagine you can just add the proxy port number in with the https string.

http://www.google.com/search?num=50&hl=en&newwindow=1&safe=off&biw=1436&bih=740&q=howto+setup+SSL+%22apache+proxy%22&btnG=Search

http://www.google.com/search?hl=en&source=hp&biw=1436&bih=740&q=howto+setup+SSL+end+to+end&btnG=Google+Search

Edited by digip
At the company I work for I'm tasked with looking into two-way ssl between an apache proxy and a client.

I assume you are referring to two way ssl authentication. For this not only will the apache proxy need an ssl certificate but so will each client that is connecting.

This SSL Tutorial might be useful for you.

Thank you digip for your reply. Not exactly what I was looking for but thanks for the info and searches.

Jason. That tutorial perfectly covers what I'm looking for.

Even the self signed ca.

I'll report back when I've tried the tutorial.

Thanks

Marco

Perfect, I can use that info too. Thanks for the effort

This is the setup I eventually hope to configure

customers apache proxy <-> two-way ssl <-> our apache proxy <-> one way ssl <-> weblogic server

The one way ssl part is already working
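
The topology above expressed as mod_ssl/mod_proxy configuration for both proxies, added as an example that is not part of the original post or the linked tutorial. Hostnames, ports and file paths are placeholders, and it assumes a private CA that signs only the client certificates.

```apache
# --- Our Apache proxy: terminates two-way SSL, forwards to WebLogic ---
# All hostnames, ports and paths below are placeholders.
<VirtualHost *:443>
    ServerName proxy.example.com

    # Server side of the handshake (same as one-way SSL)
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/proxy.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/proxy.example.com.key

    # Two-way part: the handshake fails unless the client presents a
    # certificate that chains to this CA. Use a CA dedicated to client
    # certificates, so "signed by this CA" really means "our customer".
    SSLCACertificateFile  /etc/apache2/ssl/client-ca.crt
    SSLVerifyClient       require
    # Depth 1: the client certificate must be signed directly by that CA
    SSLVerifyDepth        1

    # One-way SSL towards the backend: verify WebLogic's certificate,
    # present no client certificate of our own.
    SSLProxyEngine            on
    SSLProxyVerify            require
    SSLProxyCACertificateFile /etc/apache2/ssl/weblogic-ca.crt
    ProxyPass        / https://weblogic.internal.example:7002/
    ProxyPassReverse / https://weblogic.internal.example:7002/
</VirtualHost>

# --- Customer's Apache proxy: acts as the SSL client ---
<VirtualHost *:8080>
    ServerName customer-proxy.example.net

    SSLProxyEngine on
    # PEM file holding the client certificate followed by its
    # unencrypted private key; restrict file permissions accordingly.
    SSLProxyMachineCertificateFile /etc/apache2/ssl/customer-client.pem
    # Verify our proxy's server certificate as well
    SSLProxyVerify            require
    SSLProxyCACertificateFile /etc/apache2/ssl/server-ca.crt
    ProxyPass        / https://proxy.example.com/
    ProxyPassReverse / https://proxy.example.com/
</VirtualHost>
```

A request to `https://proxy.example.com/` sent without a client certificate should fail during the handshake once `SSLVerifyClient require` is active, which is a quick way to confirm the two-way part is enforced.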

Hi all, thanks for all the help. I've got a test environment running.

I mainly used the info from Jason's post cause this tutorial was more up-to-date.

But still thanks for the effort Sparda

  • 2 weeks later...

Just a little update:

The two-way SSL is working perfectly in production.

I know there are plenty of articles on the internet about one way or two way SSL. Though it would be nice if you could post a small how to, so that it could help other users in the future.

Edited by Infiltrator
I would be glad to make a small how-to.

But all I did is follow this how-to provided by Jason. Which is short by itself.

http://linuxconfig.org/apache-web-server-ssl-authentication

It takes about 10 minutes to completely set everything up from scratch.

No problems, I overlooked his post.
