Reverse Proxy: Present Different host-based certificate

Postby ibraheems » Jan 07 15 2:04 pm

Hello,

We own the enterprise version and are using WinGate to reverse proxy some of the stuff that our firewall doesn't handle well.

Some of these sites are HTTPS encrypted and force an HTTPS connection using JavaScript on the client side. That's fine, we can present a fake certificate that the client PC trusts and get around this.

The only problem is that it seems WinGate binds a certificate to an interface/service rather than based on hostname.

Is there any way to present a different certificate to the user based on request-hostname to get around the bad-certificate warnings?

That would be awesome, otherwise, please put in a feature request :)

Thanks,
Ibraheem
ibraheems
 
Posts: 6
Joined: Jul 04 14 7:06 am

Re: Reverse Proxy: Present Different host-based certificate

Postby adrien » Jan 07 15 7:24 pm

Hi

There is a way to do server cert selection based on host name, but WinGate doesn't support this yet, and it will rely on an SSL/TLS extension being used by the client to advertise the host name in the TLS client hello packet. We do have plans to add support for this.

Alternatives could be to use a wild-card cert (if all domains share a common root), or a subject alternate name certificate if there are a known number of sites.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

