4

Here's the deal:

  • Our client software can only connect using the HTTP protocol; it cannot do HTTPS.
  • However, security requirements dictate end-to-end security, so we need to use HTTPS when talking to the server.
  • Now I have been able to do this in a testing environment by using stunnel with the following configuration:

stunnel.conf file:

[mylocalproxy]
client = yes
accept = 127.0.0.1:3000
connect = the.real.server:443

  • Given the stunnel config above, I can configure my test client to use endpoint address http://localhost:3000/endpoint/url/ and everything works fine.
  • But on the production environment, the client side does not have direct network access to the.real.server. HTTP/S traffic from the client side has to go through a proxy server.
  • My questions:
    • Is it possible to configure stunnel to connect using a proxy server?
    • If not possible using stunnel, is there another way I can accomplish this?
codeape
  • What type of proxy do you have in your environment? Is the client software not proxy-aware? – bentek Oct 08 '15 at 13:25
  • I believe the proxy server is Forefront TMG. – codeape Oct 08 '15 at 16:51
  • Not sure if the client software is proxy-aware, but will that make a difference? Since the client cannot do https, it won't do https over a proxy either. – codeape Oct 08 '15 at 16:53

1 Answer

0

You can do it with:

[SSL Proxy]
accept = 8443
connect = 8084
cert = certificate.pem
key = private_key.pem

You will need a certificate from a certificate authority to allow https client connections.

Daniel K
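
For the proxy case raised in the question, stunnel's client mode can request an HTTP CONNECT tunnel from a proxy before it starts TLS. The configuration below is an added example, not taken from either poster; the proxy address, CA file path and credentials are placeholders, and the verification options are added so that stunnel authenticates the.real.server rather than accepting any certificate.

```ini
; Added example: stunnel client that reaches the server through an HTTP proxy.
; Placeholders (assumptions): proxy.example.internal:8080, the CA bundle path,
; and the commented-out credentials.
[mylocalproxy]
client = yes
accept = 127.0.0.1:3000

; the TCP connection goes to the proxy, not to the real server
connect = proxy.example.internal:8080
; ask the proxy for an HTTP CONNECT tunnel before the TLS handshake
protocol = connect
; final TLS server the proxy should tunnel to
protocolHost = the.real.server:443

; only if the proxy demands authentication (basic or ntlm)
;protocolAuthentication = ntlm
;protocolUsername = PLACEHOLDER_USER
;protocolPassword = PLACEHOLDER_PASSWORD

; authenticate the server so the TLS session is end-to-end with the.real.server
sni = the.real.server
verifyChain = yes
CAfile = /path/to/ca-bundle.pem
checkHost = the.real.server
```

The client keeps using http://localhost:3000/endpoint/url/; only the hop from stunnel outward changes.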