trafficserver-users mailing list archives

From Alan Carroll <>
Subject Re: Certificate mimicking/spoofing in ATS
Date Fri, 31 Aug 2018 19:13:38 GMT
Currently you would need to manually install certificates on the ATS box
that match the upstream destinations. This works well for reverse proxy but
is somewhat problematic in the forward case. There is an experimental
plugin, "plugins/experimental/certifier" in the ATS 9.0 release which
should be able to do this. It should compile and run on ATS 7.x or ATS 8.x.
You would still need to create your own root certificate and install that
on the user agents.

On Fri, Aug 31, 2018 at 1:43 PM vishu_54 <>

> Hi all,
> I am new to Apache Traffic Server. I am trying to configure ATS as a forward
> proxy and wanted to do SSL termination on both ends - client/traffic server
> and traffic server/origin server connections.
> It is mentioned in the documentation that when SSL termination is enabled on
> both ends, "then Traffic Server re-encrypts the content and sends it to the
> client via HTTPS, where it is decrypted and displayed." How does ATS handle
> getting the reply back to the client? Does it mimic the server certificate
> and communicate with the client pretending to be the origin server with
> respect to the client?
> Secondly, does traffic server allow mentioning client certificate from self
> signed CA in records.config/ssl_multicert.config?
> --
> Sent from:

*Beware the fisherman who's casting out his line in to a dried up riverbed.*
*Oh don't try to tell him 'cause he won't believe. Throw some bread to the
ducks instead.*
*It's easier that way. *- Genesis : Duke : VI 25-28
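
The manual approach described in the reply above (a private root certificate for the user agents plus a certificate matching each upstream destination), sketched with the `openssl` CLI as an added example that is not part of either message and is not ATS or certifier plugin code. The function names, file names, CA subject and the host `origin.example.test` are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Constructed example: a private root CA and one leaf certificate per upstream
# host. All names, paths and the host used below are assumptions, not ATS defaults.

make_root_ca() {                 # $1 = working directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Forward Proxy Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -config "$1/ca.cnf" -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
}

issue_leaf() {                   # $1 = working directory, $2 = upstream host name
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' \
    "$2" > "$1/$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -sha256 -days 30 -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
}

# What a user agent that trusts root.pem checks: chain to the root and name match.
leaf_valid_for() {               # $1 = working dir, $2 = leaf host, $3 = name requested
  openssl verify -CAfile "$1/root.pem" -verify_hostname "$3" "$1/$2.pem" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d)
  make_root_ca "$d" && issue_leaf "$d" origin.example.test
  leaf_valid_for "$d" origin.example.test origin.example.test && echo "match: accepted"
  leaf_valid_for "$d" origin.example.test other.example.test || echo "other host: rejected"
  rm -rf "$d"
}

demo
```

Only `root.pem` goes to the user agents; `root.key` can sign a certificate for any name those agents will accept, so it should stay on the proxy host with restricted permissions.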
