Authentication and Content Security for Outbound HTTPS

[BarryStiefel]

Authentication and Content Security for Outbound HTTPS



(Relevant to FireWall-1 4.0 and above)

Due to the nature of HTTPS, it is only possible to authenticate or provide Content Security for HTTPS when the client specifies the firewall as the proxy for HTTPS (Called "Security" in recent versions of Netscape). Some other steps must be performed as well.

1. Ensure the following line exists in $FWDIR/conf/fwauthd.conf:

443 in.ahttpd wait 0

If it's not there or it's commented out, add/uncomment it and bounce FireWall-1.

2. Modify the pre-defined service https. In FireWall-1 4.1 and earlier, change the protocol type from "None" to "URI."

You may now use HTTPS for authentication or content security as appropriate. In pre-4.1 SP2 versions of FireWall-1, the client may need to be configured to use the firewall as a proxy for HTTPS requests.

-- PhoneBoy - 30 Dec 2003

FAQForm FAQs.Class: AuthenticationFAQs OperatingSystem?: FAQs.Version: