[Kolab-devel] Configuration in PREFIX/etc/kolab/kolab-ssl.cnf ?
Martin Konold
martin.konold at erfrakon.de
Thu Jan 26 05:44:10 CET 2006
On Wednesday, 18 January 2006 14:46, Thomas Ribbrock wrote:
Hi Thomas,
> I'm currently investigating how to get our kolab server to require
> client certificates when connecting via https. We want to make the admin
> interface and squirrelmail (which also runs on that machine) accessible
> on the outside - but only to our own employees who have been issued a
> suitable certificate. This has been working nicely with our old SLOX
> setup and it would be great, if we could continue to do so.
I recommend a more secure and sensible setup.
User -- Internet - DMZ - Intranet - Kolab
In the DMZ put an Apache reverse proxy.
The client certificate check MUST be in the DMZ on the reverse proxy NOT with
Kolab! (*)
Regards,
-- martin
(*) SSL certificate checks are done _before_ the actual application connection
to the data and cannot be intercepted for reasonable firewall checks (man in
the middle). The latter includes the need to make the service accessible to
the internet using a publicly routed IP address.
--
http://www.erfrakon.com/
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
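
A sketch of the layout recommended in the message above, added here as an example; it is not from the original post or from the Kolab project. It shows an Apache reverse proxy in the DMZ that requires a client certificate before forwarding anything to the Kolab server. All hostnames, file paths and the header name are placeholder assumptions.

```apache
# Constructed example: every hostname and file path below is a placeholder.
# Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers.
<VirtualHost *:443>
    ServerName proxy.example.com

    # Server side of the public TLS connection
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/proxy.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/proxy.example.com.key

    # The client certificate check happens here, in the DMZ.
    # Only certificates issued by the company CA complete the handshake.
    SSLCACertificateFile  /etc/apache2/ssl/employee-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth  1

    # Act as a reverse proxy only, never as a forward proxy
    ProxyRequests Off

    # TLS towards the Kolab server in the intranet, verified against the internal CA
    SSLProxyEngine on
    SSLProxyCACertificateFile /etc/apache2/ssl/internal-ca.crt
    SSLProxyVerify require

    # Overwrite any client-supplied copy of this header, then record
    # the subject DN of the certificate that passed the check above
    RequestHeader set X-SSL-Client-DN "%{SSL_CLIENT_S_DN}s"

    ProxyPass        / https://kolab.intranet.example/
    ProxyPassReverse / https://kolab.intranet.example/
</VirtualHost>
```

For the check to be meaningful, the Kolab server's web ports should accept connections only from the proxy's address, so the proxy cannot be bypassed.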