Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid reverse proxy and OS X server

    Scheduled Pinned Locked Moved pfSense Packages
    5 Posts 2 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stanthewizard
      last edited by

      Hello

      I've a OS X Server for Profile management of iOS devices.

      The login pages are accessible (through 80 and 443 with Squid) the right port are opened trough NAT.

      If the OS X server is directly nated with 80 and 443 everything is fine in LAN/WAN
      If the OS X server is behind the squid in LAN no issue in WAN impossible to enroll certificat and if certificat is previously enrolled impossible to push settings or to remotely wipe a device.

      Any idea what I have missed with squid ??

      Many thanks

      1 Reply Last reply Reply Quote 0
      • B
        blade5502
        last edited by

        Hello,

        I,ve a similar problem (i use proxy_mod_security package (apache)) for reverse proxy.

        All ok in LAN or via IPv6 (direct without proxy) - if i try to enroll a new device it fails.

        The problem is, that the device wants to authenticate with to Server with a client certificate - but instead it try's to authenticate with the reverse proxy witch breaks Cert Auth.

        Here's some information about it: http://www.zeitoun.net/articles/client-certificate-x509-authentication-behind-reverse-proxy/start

        1 Reply Last reply Reply Quote 0
        • S
          stanthewizard
          last edited by

          Not that simple
          :-[

          1 Reply Last reply Reply Quote 0
          • B
            blade5502
            last edited by

            Have tried many different configurations and don't get it to work

            Get these error with my Apache Proxy:
            Certificate Verification: Error (20): unable to get local issuer certificate
            Re-negotiation handshake failed: Not accepted by client!?

            Thats maby an interresting topic for you: http://forums.freebsd.org/showthread.php?t=26708

            1 Reply Last reply Reply Quote 0
            • S
              stanthewizard
              last edited by

              Thanks

              I have a better understanding of the why and maybe for the how

              I'll manage to keep you posted

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.