Hello SSL gurus,

Sorry if this is not the right forum to ask this, but here it goes:

In a schema like this,

       Net 1                DMZ                 Net 2
C --------------- R1 ----------------- R2 ----------------- S

C: SSL client
S: SSL server (only server certificate required)
R1: Router that I can control
R2: Router that I do not control

R2 only knows the DMZ (that is, it can't route to C). C can't know the address of S, because it is used in another internal network. NAT is the cheapest solution, because I can use existing hardware.

The solution is (and it works fine with HTTP):

C points to the interface of R1 in Net 1. R1 redirects all traffic received on this interface to S, while also replacing the source address of the packet with the address of R1's interface in the DMZ. This is done so that R2 and S can route the connection back. S sees the connection directed to itself and coming from the DMZ (R1).

The problem I see is related to the server's certificate on the client. C will receive the certificate in a connection to R1 but coming from S, and I suppose it will complain about it. Is this the only problem that could arise when switching to HTTPS, or are there other problems that will make me install a proxy in the DMZ?

Any information will be appreciated.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
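An added example, not part of the original post: a simplified model of the name check a TLS client performs, showing that the comparison is between the name or address C was told to connect to and the names inside S's certificate, which NAT on R1 passes through unchanged. The addresses, the host name `s.internal.example` and the helper names are constructed for illustration; the certificate dictionaries follow the layout returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    # Case-insensitive, label-by-label comparison (simplified RFC 6125 rules).
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one leftmost label and needs
        # at least two fixed labels after it.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_matches(reference, cert):
    """reference: what the client dialled (host name or IP literal)."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(reference):
        want = ipaddress.ip_address(reference)
        return any(k == "IP Address" and ipaddress.ip_address(v) == want
                   for k, v in sans)
    return any(k == "DNS" and _dns_match(v, reference) for k, v in sans)

# Constructed sample data: R1's Net 1 interface and two possible certificates for S.
R1_NET1_ADDR = "192.0.2.1"
CERT_NAME_ONLY = {"subjectAltName": (("DNS", "s.internal.example"),)}
CERT_WILDCARD = {"subjectAltName": (("DNS", "*.internal.example"),)}
CERT_WITH_R1_IP = {"subjectAltName": (("DNS", "s.internal.example"),
                                      ("IP Address", "192.0.2.1"))}

def scenarios():
    return {
        # C dials R1 by address: no SAN covers that address, so the client rejects.
        "by_r1_ip": cert_matches(R1_NET1_ADDR, CERT_NAME_ONLY),
        # C dials the certificate's name, resolved on Net 1 to R1: accepted.
        "by_cert_name": cert_matches("s.internal.example", CERT_NAME_ONLY),
        "wildcard_one_label": cert_matches("s.internal.example", CERT_WILDCARD),
        "wildcard_two_labels": cert_matches("a.b.internal.example", CERT_WILDCARD),
        # The certificate also lists R1's address as an iPAddress SAN: accepted.
        "by_r1_ip_listed": cert_matches(R1_NET1_ADDR, CERT_WITH_R1_IP),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'match' if ok else 'MISMATCH'}")
```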