Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME Server 8.x
  4. Topic: Proxypass and SSL certificates
« previous next »
Pages: [1]   Go Down

Proxypass and SSL certificates

  • 4 Replies
  • 2638 Views

Offline daniel

  • ****
  • 146
  • +0/-0
  • Platinum Sponsor
    • http://www.charton-mgmt.com
Proxypass and SSL certificates
« on: May 19, 2011, 07:38:14 PM »
Following the wiki http://wiki.contribs.org/SME_Server:Documentation:FAQ#Proxy_Pass for Proxypass I setup the SME server to pass a DNS directly to a windows 2008 IIS server sitting behind the SME. 

This successfully passes the https request to the windows server.  However when Internet Explorer connects to the Windows server from outside, it says the certificate is invalid.  When looking at the certificate it gets, shows the SME certificate instead of the WIN2008 IIS certificate. 

Here are my db domains parameters.
portal.charton-mgmt.com=domain
Nameservers=internet
ProxyPassTarget=http://192.168.93.2/
TemplatePath=ProxyPassVirtualHosts/

Should I try https://192.168.93.2/ instead of http on the target line?  Would that pass the Win2008 through the SME out to the Internet?

Thanks.
Logged

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: Proxypass and SSL certificates
« Reply #1 on: May 19, 2011, 10:23:53 PM »
Quote from: daniel on May 19, 2011, 07:38:14 PM
When looking at the certificate it gets, shows the SME certificate instead of the WIN2008 IIS certificate.

Yes - that's the way that proxypass works. It's a proxy, not a forwarded connection.

Quote
Should I try https://192.168.93.2/ instead of http on the target line?  Would that pass the Win2008 through the SME out to the Internet?

No, the only way that you can get the Win2008's certificate to be visible is to use port forwarding, and you'd have to use a non-standard port. e.g.:

https://your.domain.name:444/

and port forward port 444 to port 443 on your internal server.
Logged

Offline daniel

  • ****
  • 146
  • +0/-0
  • Platinum Sponsor
    • http://www.charton-mgmt.com
Re: Proxypass and SSL certificates
« Reply #2 on: May 19, 2011, 10:27:39 PM »
Thanks for the clarification.  Maybe I can revisit trying to make mono work on SME8b6 for a substitute IIS server. 
Logged

Offline mmccarn

  • *
  • 2,656
  • +10/-0
Re: Proxypass and SSL certificates
« Reply #3 on: May 21, 2011, 04:14:03 PM »
Quote from: CharlieBrady on May 19, 2011, 10:23:53 PM
No, the only way that you can get the Win2008's certificate to be visible is to use port forwarding

Isn't it also possible to install the WIN2008 cert on the SME server, assuming that doesn't conflict with something else?
Logged

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: Proxypass and SSL certificates
« Reply #4 on: May 21, 2011, 05:05:33 PM »
Quote from: mmccarn on May 21, 2011, 04:14:03 PM
Isn't it also possible to install the WIN2008 cert on the SME server, assuming that doesn't conflict with something else?

That might cause some problems from the LAN (two different systems with the same cert), but might solve the problem when accessed from the Internet.
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME Server 8.x
  4. Topic: Proxypass and SSL certificates