• 6

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191


File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

Can IIS (Ideally Azure) do SSL Proxying?

My team has been asked to add a new feature to a project we're working on, and none of can find authoritative details on whether it's possible with Windows/IIS.

The short of it is that we're hoping to have customers update their DNS with a CNAME record to point their website to our server instead of theirs (they why's are trivial - it's what the app does on behalf of your site).

We're using a reverse proxy with several custom modules to serve particular content from the original servers. So far everything works perfectly until we encounter SSL.

Is there a way to have IIS serve up an SSL certificate from another server? In other words, is there a way to be a trusted man in the middle?

I'm hoping that's possible so that we don't have to require all our clients to re-issue their SSL certs. Frankly, we don't want to have to manage hundreds of certs. I'd also like to avoid a UCC situation if there's a way to because it seems to require re-creating the cert each time a client is added.

So, any pointers on proxying/hosting SSL (or even dynamic SSL hosting like http://www.globalsign.com/cloud/) would be appreciated.

Microsoft TMG can do this. It acts as a MITM by serving up the real certificate for the internet side of the request, decrypts it, then re-signs it with a trusted internal certificate for the local side of the request. You then also sign your local internal web server with an internal certificate, and let TMG do the public-request signing.

This way, you can get TMG to inspect the request as it comes in and reverse-proxy it to the correct location.

I don't quite know how helpful this is for your situation though.

  • 0
Reply Report
      • 2
    • @Acoustic - not really I'm afraid. Most of the documentation for TMG is on the technet portals. When you're looking for is under Firewall Rules, then Publish Web Server. When you're after is fairly complex though, so I don't really know where it would be documented.
      • 1
    • Mark, Thanks for the pointer towards this product. Do you know of any documentation that outlines how to do what you're suggesting? I'm totally new to TMG, I'm not sure where to start, and I'm finding little by way of Google. Thanks!

Trending Tags