I am currently investigating LittleProxy to use it as a man-in-the-middle between the company and the systems it is using outside of the company. We will provide logging and auditing capabilities in the middle. SSL (https) is used to connect the client to the server.

Rather than using a self-signed certificate with LittleProxy and exposing it to the client and to the server, is it possible to load a company certificate from the keystore and use it?

Ideally, if I have Client <- https -> LittleProxy <- https -> ExternalSystem

Is it possible to provide the Client Certificate to the ExternalSystem, and the ExternalSystem certificate to the Client?

The IT security team is ready to provide me with the right certificate?

Is it possible to do it?

Thanks and regards

Gilles

1 Answer

I don't have much experience with LittleProxy but we had a similar request from one of our customers and we solved it by adding a header to the HTTP request to the backend (something like 'X-Cert-Hdr') and stuffing the certificate as a string in the value. On the client side, we just manually configured the virtual service with the backend certificate. Of course, our reverse proxy had full PKI both on the client and server side and we were able to configure the full chain of certs for end-to-end mutual auth.
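
The header hand-off described in the answer above, sketched as an added example (not code from the answer or from LittleProxy): the proxy drops any client-supplied `X-Cert-Hdr` and sets it only from the certificate it verified, and the backend honours it only on a connection authenticated as the proxy. The function names, the base64-of-DER encoding, the fingerprint allowlist and the `from_trusted_proxy` flag are assumptions made for illustration.

```python
import base64
import hashlib

CERT_HEADER = "X-Cert-Hdr"  # header name taken from the answer above

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def proxy_forward_headers(client_headers: dict, verified_peer_der) -> dict:
    """Proxy side: headers to send to the backend.

    A client-supplied X-Cert-Hdr is always dropped, because the client
    controls it. The header is set only from the certificate the proxy
    itself validated in the TLS handshake (None if no client cert).
    """
    out = {k: v for k, v in client_headers.items()
           if k.lower() != CERT_HEADER.lower()}
    if verified_peer_der is not None:
        out[CERT_HEADER] = base64.b64encode(verified_peer_der).decode("ascii")
    return out

def backend_identity(headers: dict, from_trusted_proxy: bool, allowed: set):
    """Backend side: fingerprint of the forwarded cert, or None.

    from_trusted_proxy is an assumption: the backend sets it only when the
    connection itself was authenticated as the proxy (e.g. mutual TLS).
    """
    if not from_trusted_proxy:
        return None
    value = next((v for k, v in headers.items()
                  if k.lower() == CERT_HEADER.lower()), None)
    if value is None:
        return None
    try:
        der = base64.b64decode(value, validate=True)
    except ValueError:  # header value is not valid base64
        return None
    fp = fingerprint(der)
    return fp if fp in allowed else None

# Constructed stand-in bytes, not a real certificate.
SAMPLE_DER = b"constructed-client-certificate-der"
ALLOWED = {fingerprint(SAMPLE_DER)}
```
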