Solved

SSL (HTTPS) through Proxy device

Posted on 2010-11-24
Last Modified: 2012-06-21
Hi,

My question is:
Q1. Can anyone explain to me how SSL (HTTPS) connections work through a proxy device (forward proxy)?
Q2. I am confused why a certificate is required on the proxy device in order to pass requested traffic from the browser. How does this whole process work?
Q3. What does SSL client mean? I see this option available on the Bluecoat proxy device.
Q4. I recently installed a Bluecoat ProxySG510 device in our environment but I cannot open any HTTPS connections (it already has a default certificate installed on it). Can anyone explain to me why?

Please advise


Question by:gurkamal01
5 Comments
 
LVL 61

Accepted Solution

by:
gheist earned 250 total points
ID: 34211720
A1. HTTPS connections usually use TCP port 443.
A2. Probably it re-encrypts all the sites from the web under its own certificate.
A3. Browsers send an HTTP CONNECT request and then attach an SSL client to the resultant connection.
A4. I have no idea... What error do you get from https://login.yahoo.com/ ?
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 250 total points
ID: 34212585
There are two types of proxies, forward and reverse.  Are you trying to use the Bluecoat as a forward proxy or a reverse proxy?

Forward proxies are the "norm" and this is where you configure your web browser to use a proxy or you can also install the proxy in-line so that it is transparent.

Reverse proxies are used to front end web/application servers for load balancing.

There are two ways to pass HTTPS traffic through a proxy (either forward or reverse).  

One way is where the proxy just acts as a relay device.  It gets a packet on the ssl'ed port (as gheist stated normally this  is 443 for http traffic) and then relays the packet to the real server.  The proxy can't see inside the packet because it is encrypted.  This is the norm.

Another way is where it is the actual end point in the SSL session: it has the key and will decrypt the packet, maybe examine information in the packet to make some decisions, and then forward the packet to the correct destination. Whether you are using a forward or reverse proxy will determine where you may or may not want to do encryption/decryption. Examples:



  SERVER <-- SSL'ed traffic --> Forward PROXY pass thru <-- SSL'ed traffic --> Client
  SERVER <-- SSL'ed traffic --> Forward PROXY decrypt  <-- clear text traffic --> Client

  SERVER <-- SSL'ed traffic --> Reverse PROXY pass thru <-- SSL'ed traffic --> Client
  SERVER <-- SSL'ed traffic --> Reverse PROXY decrypt <-- SSL'ed traffic --> Client
  SERVER <-- clear text traffic --> Reverse PROXY partial decrypt <-- SSL'ed traffic --> Client


Pass thru means that the proxy just passes the traffic through without doing any encryption.

Decrypt means that the proxy is decrypting the traffic and re-encrypting the traffic.  In this setup the proxy must have a key file.

Partial decrypt is when the connection between the proxy and the client is encrypted, but the session between the proxy and the server is not.
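The CONNECT tunnel and the pass-through versus decrypt distinction described in the answers above, as an added example that is not part of the original thread: a Python check that opens a tunnel through a forward proxy and reports which CA issued the certificate the client receives. The function names and the `direct_issuer` value (recorded beforehand from a connection that does not cross the proxy) are assumptions of this example.

```python
import socket
import ssl

def connect_request(host, port=443):
    """Bytes a browser sends to a forward proxy to ask for a tunnel."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def tunnel_established(reply):
    """True when the proxy's status line carries a 2xx code."""
    parts = reply.split(b"\r\n", 1)[0].split(b" ", 2)
    return len(parts) > 1 and parts[0].startswith(b"HTTP/") and parts[1].isdigit() and parts[1][:1] == b"2"

def issuer_name(cert):
    """Issuer CN (or O) from the dict returned by SSLSocket.getpeercert()."""
    fields = {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}
    return fields.get("commonName") or fields.get("organizationName", "")

def issuer_via_proxy(proxy_host, proxy_port, host, port=443, timeout=10):
    """Open a CONNECT tunnel, run TLS inside it, return the issuer seen."""
    sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    try:
        sock.sendall(connect_request(host, port))
        reply = b""
        while b"\r\n\r\n" not in reply:
            chunk = sock.recv(4096)
            if not chunk:
                break
            reply += chunk
        if not tunnel_established(reply):
            raise ConnectionError(f"proxy refused tunnel: {reply[:60]!r}")
        # From here on the proxy either relays bytes or terminates TLS itself.
        context = ssl.create_default_context()
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return issuer_name(tls.getpeercert())
    finally:
        sock.close()

def proxy_mode(proxy_host, proxy_port, host, direct_issuer):
    """direct_issuer is an assumption: the issuer recorded without the proxy."""
    try:
        seen = issuer_via_proxy(proxy_host, proxy_port, host)
    except ssl.SSLCertVerificationError as err:
        # Typical when a decrypting proxy signs with a CA this client lacks.
        return f"certificate not trusted by this client: {err.verify_message}"
    if seen == direct_issuer:
        return "pass-through"
    return f"decrypt: certificate issued by {seen!r}"
```

An issuer that differs from the directly recorded one means the TLS session ends at the proxy rather than at the server. A verification error has other possible causes as well, so read the message it carries.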
 
LVL 68

Expert Comment

by:Qlemo
ID: 34936517
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.