shinrich commented on issue #9176: URL: https://github.com/apache/trafficserver/issues/9176#issuecomment-1304274004
I don't think certifier will trigger on the connect method. The actual TLS handshake will be between origin server and client, not client and proxy. You need the TLS connection to terminate on the proxy for the hooks to go off to engage certifier. We are using it in transparent mode with GET/POST, etc. The traffic routes through our gateway, and we use iptables to mark and TPROXY the traffic into trafficserver. In that case certifier does generate server certificates to return. Notes on transparent mode https://docs.trafficserver.apache.org/admin-guide/configuration/transparent-proxy.en.html You could use certifier in reverse proxy mode, though there isn't much of a point for it. Or at least that is not how I'm used to thinking about it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
