This post is intended for testing purposes only.
In production, Apache should be allowed to check the certificate, as it is supposed to do by default.
This is one of the good hardening features that Apache 2.4.x has over Apache 2.2.x.
To stop all SSL validation when proxying to an HTTPS back end, we need to use the following directives:
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
As of Apache 2.4.7, the SSLProxyCheckPeerName directive overrides SSLProxyCheckPeerCN, so it also needs to be set to off.
See the Stack Overflow link below.
http://stackoverflow.com/questions/19294816/is-it-possible-to-ignore-an-apache-proxyd-certificate
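Because these settings are meant for testing only, a pre-deployment check can catch them before a configuration reaches production. The following is an added example, not part of the original post: it scans httpd configuration text for the three directives above when they are set to switch off backend certificate checks. The function name and the sample configuration are constructed for illustration; Include files and line continuations are not followed.

```python
import re

# Lower-cased directive -> values that switch off a backend certificate check.
WEAK = {
    "sslproxyverify": {"none"},
    "sslproxycheckpeercn": {"off"},
    "sslproxycheckpeername": {"off"},
}

def find_disabled_proxy_checks(conf_text):
    """Return (line_no, scope, directive, value) for each weakening directive."""
    findings, scope = [], ["server config"]
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or comment line
            continue
        section = re.match(r"<\s*(/?)\s*(\w+)([^>]*)>", line)
        if section:                                # <VirtualHost ...> or </VirtualHost>
            closing, name, arg = section.groups()
            if not closing:
                scope.append(f"{name} {arg.strip()}".strip())
            elif len(scope) > 1:
                scope.pop()
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            directive, value = parts[0], parts[1].strip().strip('"')
            # httpd directive names are case-insensitive
            if value.lower() in WEAK.get(directive.lower(), ()):
                findings.append((no, scope[-1], directive, value))
    return findings

# Constructed sample: a test vhost with the post's settings, then a checked one.
SAMPLE = """\
<VirtualHost *:8080>
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
</VirtualHost>
<VirtualHost *:443>
    SSLProxyEngine on
    # SSLProxyCheckPeerName off
    SSLProxyCheckPeerName on
</VirtualHost>
"""

if __name__ == "__main__":
    for no, scope, directive, value in find_disabled_proxy_checks(SAMPLE):
        print(f"line {no} [{scope}]: {directive} {value}")
```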