On Thu, Jul 25, 2002 at 10:14:22AM -0500, David Iungerich wrote: > Daniel, > > Does your book or somewhere else give the specifics of what all I need to do
When the book was released, Doug (who sits 2 cubicles next to me :) had not yet cleaned up and ported that functionality, so I mention it but could not give any specifics. > to get this done. If so I'll go buy it, or wherever I need to look. I've > got to get this thing implemented today. At this point, I'm thinking I'll > strip off the Apache 1.3.23 that came with Suse and install Apache 2.0. > Bear in mind with all of this, that I'm new to Apache and Linux, so any > specifics you can provide on what ALL is need to implment this would be > greatly appreciated. Yesterday I submitted a patch to the Apache docs@ mailing list documenting those directives. I can try and help you with the setup, first step is to get Apache compiled with SSL support and understand how to generate certificates: http://www.apacheworld.org/ty24/site.chapter17.html and the mod_ssl docs/tutorial at apache.org For the SSLProxy* directives these docs are old and for raven ssl, but apply for the most part http://www.covalent.net/support/docs/faststart/2.0.0/userguide/html/sslconfigure.php#1138492 Cheers Daniel > Thanks again, > David > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Daniel Lopez > Sent: Wednesday, July 24, 2002 5:49 PM > To: [EMAIL PROTECTED] > Subject: Re: http to https forward > > > On Wed, Jul 24, 2002 at 05:45:15PM -0500, David Iungerich wrote: > > Thanks Daniel. What all is needed as adjustments to my conf file? As I > > understood it, there was an issue with Apach taking an http POST reqest > and > > encrypting it with a given cert, then sending it along via https. If you > > could tell me exactly what I need version-wise and what to add/change in a > > standard conf file, I'd greatly appreciate it. > > I am not sure I understand what you mean with "encrypting it with a given > cert". I am guessing it means that your client must present a specific > client certificate to the remote server. This SSL functionality was present > in mod_ssl versions for 1.3 if you compiled with SSL_EXPERIMENTAL flag, but > was not working very well. > Apache 2.0 includes robust support for that functionality (thanks to Doug > MacEachern of mod_perl fame) and I recommend you use that. The directive you > want is SSLProxyMachineCertificateFile, for specifying the client > certificate(s) to present to the remote server. It is not documented > currently on the Apache project, but take a look at : > http://www.covalent.net/support/docs/faststart/2.0.0/userguide/html/sslconfi > gure.php#1138492 > > Hope it helps > > Daniel > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Daniel Lopez > > Sent: Wednesday, July 24, 2002 4:30 PM > > To: [EMAIL PROTECTED] > > Subject: Re: http to https forward > > > > > > > > > yes, that is correct. I meant http to https. So, there is no way to do > > > this with existing mods? I have to use something else? Java or Python > > > program? Anyone already have anything? > > > > You can already do it with Apache 2, and I am pretty sure you can do it > with > > Apache 1.3 too. The directives are just not documented, I am working on a > > patch for the docs. But you are able to do > > > > SSLProxyEngine on > > ProxyPass / https://some.host.com > > > > And you can also use other SSLProxy* directives like SSLProxyVerify, etc. > > > > Daniel > > > > -- > > Teach Yourself Apache 2 -- http://apacheworld.org/ty24/ > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
