Squid reverse proxy and OS X server
I've a OS X Server for Profile management of iOS devices.
The login pages are accessible (through 80 and 443 with Squid) the right port are opened trough NAT.
If the OS X server is directly nated with 80 and 443 everything is fine in LAN/WAN
If the OS X server is behind the squid in LAN no issue in WAN impossible to enroll certificat and if certificat is previously enrolled impossible to push settings or to remotely wipe a device.
Any idea what I have missed with squid ??
I,ve a similar problem (i use proxy_mod_security package (apache)) for reverse proxy.
All ok in LAN or via IPv6 (direct without proxy) - if i try to enroll a new device it fails.
The problem is, that the device wants to authenticate with to Server with a client certificate - but instead it try's to authenticate with the reverse proxy witch breaks Cert Auth.
Here's some information about it: http://www.zeitoun.net/articles/client-certificate-x509-authentication-behind-reverse-proxy/start
Not that simple
Have tried many different configurations and don't get it to work
Get these error with my Apache Proxy:
Certificate Verification: Error (20): unable to get local issuer certificate
Re-negotiation handshake failed: Not accepted by client!?
Thats maby an interresting topic for you: http://forums.freebsd.org/showthread.php?t=26708
I have a better understanding of the why and maybe for the how
I'll manage to keep you posted