3.1. Procedure – Configuring one-sided SSL
Purpose:
To disable encryption on one side of the connection for an existing Encryption Policy that is configured to handle HTTPS connections, complete the following steps.
Note: Obviously it is not possible to use keybridging together with one-sided SSL connections, but for a possible solution, see Procedure 3.2.3, Transferring certificate information in one-sided HTTPS.
Steps:
Navigate to , and select the proxy to be modified, or create a new one (for example, OnesidedHttpsProxy).
To disable encryption on the client side, add the self.ssl.client_connection_security parameter to the panel, then set it to const_ssl_none.
To disable encryption on the server side, add the self.ssl.server_connection_security parameter to the panel, then set it to const_ssl_none.
Python: Add one of the following lines to the proxy:
self.ssl.server_connection_security = SSL_NONE
self.ssl.client_connection_security = SSL_NONE
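An added example, not part of the original page or the vendor's code: because one-sided SSL leaves one leg of the connection unencrypted, this script lists which proxy classes in a policy file set either side to SSL_NONE. The sample policy text, its class names, and the class layout (a config method in an HttpProxy subclass) are constructed assumptions.

```python
import ast

# Constructed sample policy fragment; class names and layout are assumptions.
SAMPLE_POLICY = '''
class OnesidedHttpsProxy(HttpProxy):
    def config(self):
        HttpProxy.config(self)
        self.ssl.server_connection_security = SSL_NONE

class PlainBothSidesProxy(HttpProxy):
    def config(self):
        HttpProxy.config(self)
        self.ssl.client_connection_security = SSL_NONE
        self.ssl.server_connection_security = SSL_NONE

class FullTlsProxy(HttpProxy):
    def config(self):
        HttpProxy.config(self)
'''

SIDES = {"client_connection_security": "client", "server_connection_security": "server"}

def cleartext_sides(policy_source):
    """Return {proxy class name: sorted list of sides set to SSL_NONE}."""
    findings = {}
    for cls in ast.walk(ast.parse(policy_source)):
        if not isinstance(cls, ast.ClassDef):
            continue
        sides = set()
        for node in ast.walk(cls):
            if not isinstance(node, ast.Assign):
                continue
            if not (isinstance(node.value, ast.Name) and node.value.id == "SSL_NONE"):
                continue
            for target in node.targets:
                # Match only assignments of the form self.ssl.<side attribute>
                if (isinstance(target, ast.Attribute) and target.attr in SIDES
                        and isinstance(target.value, ast.Attribute)
                        and target.value.attr == "ssl"
                        and isinstance(target.value.value, ast.Name)
                        and target.value.value.id == "self"):
                    sides.add(SIDES[target.attr])
        if sides:
            findings[cls.name] = sorted(sides)
    return findings

if __name__ == "__main__":
    for name, sides in cleartext_sides(SAMPLE_POLICY).items():
        print(name, "-> cleartext on:", ", ".join(sides))
```

A proxy reported with both sides carries no encryption at all, which is worth distinguishing from an intended one-sided setup.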
When Zorp is used to protect the servers, you must deploy the certificate of the server (including its private key) to Zorp, so that Zorp can show the certificate to the clients that connect to the server. The proxy used in the connection must be configured to use this certificate when communicating with the clients. Complete the following steps.
Import the certificate of the server into ZMS, and set the firewall to be its owner host. For details, see Procedure 11.3.8.6, Importing certificates in Zorp Professional 7 Administrator Guide.
Navigate to , and select the proxy to be modified (for example, OnesidedHttpsProxy).
Select (or add, if not already present) the self.ssl.server_keypair_files parameter, then click .
A window showing the certificates available on the host appears. Select the certificate of the server.
Note: The list displays only the certificates where the firewall host is set as the owner host of the certificate (that is, both the certificate and its private key are available).
Published on May 30, 2024
© BalaSys IT Ltd.