Configuring Web Reverse Proxy to access SSL website (HTTPS/Port 443)
In order to access an internal website over HTTPS, an additional configuration is required to establish trust between Unified Access Gateway and the internal website. This exercise will explain how configure this trust using the current Intranet Reverse Proxy instance.
1. Access to the Reverse Proxy Settings
- Click Close for the Intranet site tab that you opened for https://uag-internet.corp.local/intranet/.
- Click the Unified Access Gateway Admin UI tab.
- Click the Gear icon next to Reverse Proxy Settings
1.1. Add Reverse Proxy Settings
Your goal for this exercise is to enable external access to the Intranet website over HTTPS through the Unified Access Gateway appliance by using the Reverse Proxy feature.
Click the Gear icon to change the configuration settings for the Intranet instance.
1.2. Configuring Intranet Reverse Proxy Settings
- Change the Proxy Destination URL to
sha1=93 d7 a0 52 b9 0a d9 3a ef 47 dd c7 76 a1 b2 2b f5 70 ed d4for Proxy Destination URL Thumbprints, which represents the list of acceptable SSL server certificates.
NOTE: This is the Thumbprint of the SSL certificate issued to our intranet.corp.local server that the IIS web server is using to establish connections over 443 to the intranet application.
NOTE: If you wish to view and validate the certificate, you can do so by finding the certificate at C:\Users\Administrator\Documents\HOL\Unified Access Gateway\corp_local_wildcard.pfx.
- Click Save.
NOTE: A thumbprint is in the format
alg can be sha1, the default, or md5 and the
xx represents hexadecimal digits of the value. The
: separator can also be a space or removed entirely. The casing of the letters in a thumbprint is ignored. If you do not configure the thumbprints, the server certificates must be issued by a trusted CA.
Additional parameters can be configured for this type of reverse proxy, more information available here.
1.3. Close the Reverse Proxy Settings
2. Validating Reverse Proxy Configuration
- Click on the arrow down for the Reverse Proxy Settings
- Click on the refresh icon for the Edge Service Settings
- Confirm the intranet proxy status is GREEN
After you added the reverse proxy settings for intranet, the Unified Access Gateway appliance tests the communication between appliance and intranet and the status turn GREEN if a connection is possible, otherwise it will show RED.
NOTE - It may take a few minutes for the intranet proxy to show as GREEN. If you do not see it, click the refresh icon in Step #2 until you see the status change to either GREEN or RED.
3. Accessing Intranet through Reverse Proxy
- Click the New Tab button to open a new tab
https://uag-internet.corp.local/intranet/in the address bar and press
NOTE: The uag-internet.corp.local hostname resolves to the Internet facing NIC that you deployed the Unified Access Gateway on (192.168.110.160).
The result is the same intranet page hosted on an internal IIS Server. However, the Unified Access Gateway is now accessing the Intranet site on port 443 via HTTPS instead of port 80 via HTTP.
- Access to the intranet site is going through Unified Access Gateway over port 443 as result of the TLS port sharing configuration enabled by default during deployment.
- Access to the Admin UI is going through Unified Access Gateway port 9443 to uag-intranet.corp.local (192.168.120.160).