[squid-users] Squid 2.6 STABLE4 SSL reverse proxy on Linux Debian 3.1 for BEA WebLogic 8.1 on Red Hat 9

From: nick humphrey <nick.c.humphrey@dont-contact.us>
Date: Thu, 9 Nov 2006 09:33:06 +0100

you can see from my title what i'm trying to do. basically just
channel https/SSL traffic from internet users through a squid reverse
proxy to a backend rh9 server running weblogic using a free trial
Verisign certificate. both machines are in the same internal network
(same ip scheme).

i've got things working, except for verifying of the peer (weblogic):
http://norgesinternettforum.no/showpost.php?p=2652&postcount=2

i have been reading online for 8 hours a day the last 3-4 days and am
about to throw in the towel and just run this biotch without verifying
the peer, but henrik nordström says that this exposes me to a man in
the middle attack. who would an attacker be getting in the middle
between and how would he decrypt encrypted traffic?

what is squid's actual role in this type of environment? is squid
verifying external users? if so, then i would think that i should have
created a csr (certificate signing request) from the debian machine
running squid and submitted that to verisign instead of from the rh9
machine because i thought that an ssl only works on one machine. but
then how would i run https on weblogic without an ssl certificate?

Nick
Received on Thu Nov 09 2006 - 01:33:11 MST
