Reverse Proxy: Present Different host-based certificate

WinGate Proxy Server and other Qbik products

Switch to full style
Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
ibraheems
  • ibraheems
  • Posts: 6
  • Joined: Jul 04 14 7:06 am

Reverse Proxy: Present Different host-based certificate

Jan 07 15 2:04 pm

Hello,

We own the enterprise version and are using WinGate to reverse proxy some of the stuff that our firewall doesn't handle well.

Some of these sites are https encrytped and force an https connection using javascript on the client side. That's fine, we can present a fake certificate that the client PC trusts and get around this.

The only problem is that it seems WinGate binds a certificate to an interface/service rather than based on hostname.

Is there any way to present a different certifcate to the user based on request-hostname to get around the bad-certificate warnings?

That would be awesome, otherwise, please put in a feature request :)

Thanks,
Ibraheem
adrien
  • adrien
  • Posts: 5448
  • Joined: Sep 03 03 2:54 pm
  • Location: Auckland
  • Website

Re: Reverse Proxy: Present Different host-based certificate

Jan 07 15 7:24 pm

Hi

there is a way to do server cert selection based on host name, but WinGate doesn't support this yet, and it will rely on an SSL/TLS extension being used by the client to advertise the host name in the TLS client hello packet. We do have plans to add support for this.

Alternatives could be to use a wild-card cert (if all domains share a common root), or subject alternate name certificate if there are a known number of sites.

Regards

Adrien
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index