How to setup SSL proxy server?

[V00D00]

I want to be able to connect securely to a proxy server from anywhere so I can always have a secure internet connection. Is this possible? Like this:

[Me... from anywhere] -> (Secure SSL Connection) -> Proxy -> Internet

You can always specify a proxy server in whatever web browser you're using, so I want to setup this server on my home connection with a cable line, and then be able to use my home connection as a gateway to connect securely to anything.

I know I just need some software, but do I need some kind of plugin to support a secure connection to the proxy? I'm thinking a firefox plugin possibly?

 

[Nothinman]

To do that securely will be a decent amount of work, otherwise you'll be opening up a proxy for anyone to use. And you'll most likely need some software on your client since most tools don't let you wrap them in SSL easily. Personally I just use SSH port forwarding.

 

[V00D00]

Does anyone know anything about programming plugins for firefox and perhaps SSL???

 

[Nothinman]

Seems like overkill when you can already fun generic tunneling tools like stunnel and ssh.

 

[V00D00]

But can you use them with windows? And can you tunned an HTTP connection securely through them? Have any links for these programs??

 

[Monoman]

look up CGIProxy. It's what I use and it's all https on your end. you connect th ethe proxy via http and surf the web anonymously and securly dealing with whatever monitoring tools.

 

[gaidin123]

Just use SSH and use the dynamic port forwarding feature. It will let you tunnel any application that supports SOCKS proxies as well as tunnel something like all http and https traffic. Use Putty (free) on the windows side as the client, and openssh on any linux, unix, cygwin windows box.

Gaidin

Edit: Making your own plugin is probably overkill since both IE and firefox let you specify http and https proxies. If you tunnel over ssh then everything is encrypted up to your linux box. If you are in a public location or using someone else's computer you may not have access to change proxy settings and you should not have the ability to install plugins.

 

[V00D00]

I'll try the SSH tunneling thing, I was trying to set it up with stunnel, but I couldn't figure it out. This makes more sense though, and I didn't really know what I was doing with stunnel.

 

[Monoman]

or you could set up the cgi proxy like I said and use it from ANYWHERE, no config settings required.

 

[V00D00]

I don't think I can use that, my home isp blocks all HTTP traffic, so I think I can only use the SSH method.

 

[V00D00]

Ok, I can get an SSH connection, but I can't get the port forwarding to work.

 

[Genx87]

bumping this because I actually have a question about SSL certs in Windows.

Are you required to get a cert from a 3rd party or can you authorize your own by installing the CA in win2k3?

Want to setup the ability to do RPC over HTTP and it requires an SSL cert on the web site.

 

[gaidin123]

So this is totally offtopic but you can install your own CA in windows or just generate a cert yourself with openssl. The key thing to keep in mind is that unless you install your CA as a trusted root certificate authority on every windows client, the client workstations won't trust the cert (manual confirmation every time).

With RPC over HTTPS for outlook, it is awesome when you have it working. I do not know whether you need to have a cert issued from a trusted root CA. That would be a good question for the whitepapers on how to implement rpc over http on MS's knowledgebase. In my case, we paid money for a real cert but I bet you could get around that...if you are implementing this for a medium sized business or one where you do not control the clients through group policy you will have a hard time getting your root CA's cert imported into all of the clients...

Gaidin

 

[Genx87]

We are looking at about 19 clients.

This whole SSL implementation thing seems really vague from microsoft. Ive done a few searches on their site and it seems like they are assuming you have done it before.