Koozali.org: home of the SME Server

Obsolete Releases => SME Server 8.x => Topic started by: daniel on May 19, 2011, 07:38:14 PM

Title: Proxypass and SSL certificates
Post by: daniel on May 19, 2011, 07:38:14 PM

Following the wiki http://wiki.contribs.org/SME_Server:Documentation:FAQ#Proxy_Pass (http://wiki.contribs.org/SME_Server:Documentation:FAQ#Proxy_Pass) for Proxypass I setup the SME server to pass a DNS directly to a windows 2008 IIS server sitting behind the SME. 

This successfully passes the https request to the windows server.  However when Internet Explorer connects to the Windows server from outside, it says the certificate is invalid.  When looking at the certificate it gets, shows the SME certificate instead of the WIN2008 IIS certificate. 

Here are my db domains parameters.
portal.charton-mgmt.com=domain
Nameservers=internet
ProxyPassTarget=http://192.168.93.2/
TemplatePath=ProxyPassVirtualHosts/

Should I try https://192.168.93.2/ instead of http on the target line?  Would that pass the Win2008 through the SME out to the Internet?

Thanks.

Title: Re: Proxypass and SSL certificates
Post by: CharlieBrady on May 19, 2011, 10:23:53 PM

Quote from: daniel on May 19, 2011, 07:38:14 PM

When looking at the certificate it gets, shows the SME certificate instead of the WIN2008 IIS certificate.

Yes - that's the way that proxypass works. It's a proxy, not a forwarded connection.

Quote

Should I try https://192.168.93.2/ instead of http on the target line?  Would that pass the Win2008 through the SME out to the Internet?

No, the only way that you can get the Win2008's certificate to be visible is to use port forwarding, and you'd have to use a non-standard port. e.g.:

https://your.domain.name:444/

and port forward port 444 to port 443 on your internal server.

Title: Re: Proxypass and SSL certificates
Post by: daniel on May 19, 2011, 10:27:39 PM

Thanks for the clarification.  Maybe I can revisit trying to make mono work on SME8b6 for a substitute IIS server. 

Title: Re: Proxypass and SSL certificates
Post by: mmccarn on May 21, 2011, 04:14:03 PM

Quote from: CharlieBrady on May 19, 2011, 10:23:53 PM

No, the only way that you can get the Win2008's certificate to be visible is to use port forwarding

Isn't it also possible to install the WIN2008 cert on the SME server, assuming that doesn't conflict with something else?

Title: Re: Proxypass and SSL certificates
Post by: CharlieBrady on May 21, 2011, 05:05:33 PM

Quote from: mmccarn on May 21, 2011, 04:14:03 PM

Isn't it also possible to install the WIN2008 cert on the SME server, assuming that doesn't conflict with something else?

That might cause some problems from the LAN (two different systems with the same cert), but might solve the problem when accessed from the Internet.