
Webproxy -- again.

 
Marc Dijkstra
Trusted Contributor

Webproxy -- again.

Hi all,

Scenario:
HP-UX 11.04
VirtualVault 4.6
Webproxy 2.0

I have an MS IIS server with SSL enabled behind my Vault that I am proxying via webproxy 2.0; the IIS server is set up to "require client certs".
From the intranet (test.mydomain-in.com), I get the normal "client identification" pop-up, where I can select my cert, but when I try this thru the Virtual Vault's proxy (vvos.mydomain-out.com/test) I just get the HTTP 403.7 error "The page requires a client certificate" -- it does not proxy the request for the pop-up.

1) Does anybody have any idea WHAT I should proxy for the pop-up?
2) Can I, without simply allowing all certs, not requiring, pass my cert from my IE browser without the popup? (I know that's an MS question, but.....)

Any help would be MUCH appreciated.

MND
"A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila"
harry d brown jr
Honored Contributor

Re: Webproxy -- again.

Marc,

The first thing I would do is get rid of those VV's. I replaced 20 of them with Bastion Hosts and our life on the internet has been wonderful! And I saved a lot of CASH by not having those VV's!

Yes, I know that they are supposedly secure systems, but the maintenance, additional cost of development, and the loss of performance just aren't worth it. We have bastion hosts in the DMZ surrounded by TWO different firewalls, also with routers with very strict routing rules, and with very strict routing rules on our bastion hosts. We have never been hacked, although we have thousands of attempts weekly.

I know it doesn't answer your question so just give it a zero (0), but think about the change.

live free or die
harry
Live Free or Die
Marc Dijkstra
Trusted Contributor

Re: Webproxy -- again.

Harry,

Yeah, yeah -- I am implementing them for a customer, I don't have a choice! I have been fighting the proxy of the certs for days now!

Ho hum, as a famous quote on the forums goes..

"ours is not to do or die, ours is to alias rm to rm -i"

Thanks anyway,

MND
"A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila"