Web Application Firewall & Reverse Proxy


How to add a keyring based on requested resources

  • 1.  How to add a keyring based on requested resources

    Posted Feb 20, 2018 09:44 AM

    Hi,

    We have a Blue Coat reverse proxy protecting several servers on our DMZ.

    We need to add a keyring/certificate for only 1 server.

    Example: if we ask for server1 ==> keyring1 is used.

    If we ask for any other service, keyring2 is used.

    Is it possible?

    I thought about adding a new reverse proxy service and changing the keyring, but I found that the proxy service is based on the listener and not on the requested resource.

    Any help, please?

    Regards,



  • 2.  RE: How to add a keyring based on requested resources
    Best Answer

    Posted Feb 20, 2018 11:15 PM

    Hi,

    We do have a limitation/requirement of one keyring per RP service. If you want to set a different keyring for a specific site, we will have to split it at the listener level, i.e. adding a new listener IP:Port. At present, SNI-based certificate delivery is not an option, so we will have to deal with this by having different listeners.

    Note: If using a different keyring is not a must and you want everything on the same listener, we can think of the options below too:

    1) If all RP services belong to the same domain, we can have a wildcard cert keyring

    or

    2) If the domains are different, a DNS alt-name based certificate will be helpful
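
Added example, not part of the thread and not vendor code: a check of whether a single keyring's certificate (wildcard or alt-name based, the two options in the reply above) would cover every hostname published on one listener. The hostnames and SAN lists are constructed sample data, and the matching follows the usual RFC 6125 wildcard rules.

```python
# Added example: SAN/wildcard coverage check for a shared listener certificate.
# All hostnames and SAN lists below are constructed sample data.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")

def san_covers(san, hostname):
    """True if one dNSName entry covers hostname (RFC 6125 style matching)."""
    p, h = _labels(san), _labels(hostname)
    if len(p) != len(h):
        return False          # "*" stands for exactly one label, never zero or two
    if p[0] == "*":
        # Wildcard must be the whole leftmost label and sit under at least
        # two further labels, so "*.com" is rejected.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h             # no wildcard: exact, case-insensitive match

def uncovered(san_entries, hostnames):
    """Hostnames that no SAN entry covers; these need their own listener/keyring."""
    return [h for h in hostnames
            if not any(san_covers(s, h) for s in san_entries)]

# Constructed published hostnames behind one reverse-proxy listener.
SAME_DOMAIN = ["server1.example.com", "portal.example.com",
               "example.com", "api.dev.example.com"]
MIXED_DOMAINS = ["server1.example.com", "shop.example.org"]

# Option 1: wildcard certificate; option 2: certificate listing alt-names.
WILDCARD_SANS = ["*.example.com"]
ALTNAME_SANS = ["server1.example.com", "shop.example.org"]

if __name__ == "__main__":
    print("wildcard misses:", uncovered(WILDCARD_SANS, SAME_DOMAIN))
    print("alt-name misses:", uncovered(ALTNAME_SANS, MIXED_DOMAINS))
    print("wildcard on mixed domains misses:",
          uncovered(WILDCARD_SANS, MIXED_DOMAINS))
```

A wildcard entry does not cover the bare domain or names two levels down, so those hosts would still produce certificate name mismatches on a shared listener.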



  • 3.  RE: How to add a keyring based on requested resources

    Posted Feb 21, 2018 03:53 AM

    Thank you Aravind :)