Currently you would need to manually install certificates on the ATS box that match the upstream destinations. This works well for reverse proxy but is somewhat problematic in the forward case. There is an experimental plugin, "plugins/experimental/certifier" in the ATS 9.0 release which should be able to do this. It should compile and run on ATS 7.x or ATS 8.x. You would still need to create your own root certificate and install that on the user agents.

On Fri, Aug 31, 2018 at 1:43 PM vishu_54 <vishali.somaskanthan@viptela.com> wrote:
Hi all,
I am new to apache traffic server. I am trying to configure ATS as a forward
proxy and wanted to do SSL termination on both ends - client/traffic server
and traffic server/origin server connections.

It is mentioned in the documentation that when SSL termination is enabled on
both ends, "then Traffic Server re-encrypts the content and sends it to the
client via HTTPS, where it is decrypted and displayed. " How does ATS handle
getting the reply back to the client? Does it mimick the server certificate
and communicate with the client pretending to be the origin server with
respect to the client?

Secondly, does traffic server allow mentioning client certificate from self
signed CA in recors.config/ssl_multicert.config ??




--
Sent from: http://apache-traffic-server.24303.n7.nabble.com/


--
Beware the fisherman who's casting out his line in to a dried up riverbed.
Oh don't try to tell him 'cause he won't believe. Throw some bread to the ducks instead.
It's easier that way. - Genesis : Duke : VI 25-28