I am using a program called Proxytunnel to establish secure communication from my Windows 7 client through a forward proxy server I created in an Apache Virtualhost on my home LAN. I use this to establish a TLS-encrypted connection to my SSH server on my LAN.
Proxytunnel has an option to specify a CA cert for server certificate verification. I hardly have any idea what this means. I have an Apache website on my LAN which is SSL enabled using Letsencrypt. I have these lines in the Virtualhost:
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
So I used Certbot to create these certificates.
I want to run this Proxytunnel program from a Windows command line. Something like this:
proxytunnel -v -p example.com:443 -d 192.168.1.124:22
This will connect me through my forward proxy at example.com on port 443 and use the Apache CONNECT to forward to the ssh port 22.
The Proxytunnel program has another command line argument -C that allows me to provide a CA cert for server certificate verification. I don’t know how to supply this file. The Proxytunnel documentation says:
    -C, --cacert=filename/directory
        Specify a CA certificate file (or directory containing CA certificate(s)) to trust when verifying a server SSL certificate. If a directory is provided, it must be prepared with OpenSSL’s c_rehash tool. (default: /etc/ssl/certs)
Can someone advise me how I might convert one or all of my Letsencrypt certificates and use it or them as a command line parameter to the Proxytunnel program to achieve this client certification authentication?
> proxytunnel -v -C myCAcert.pem -p example.com:443 -d 192.168.1.124:22
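
What "a CA certificate to trust when verifying a server SSL certificate" means in practice, as an added example (not part of the original post and not Proxytunnel's own code): the script builds a throwaway CA and server certificate with the openssl CLI and shows that the server certificate verifies only against the CA that issued it. The function names, CA names and all keys and certificates are constructed; it assumes openssl and mktemp are installed, and that Proxytunnel's check behaves like `openssl verify`, which the page does not confirm.

```shell
#!/bin/sh
# Added example. Every key and certificate here is constructed, throwaway test material.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA certificate at $WORK/NAME.pem.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed $1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_server CA_NAME HOSTNAME: issue $WORK/server.pem signed by that CA.
issue_server() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/server.csr" -days 1 \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/server.pem" 2>/dev/null
}

# trusted_by CA_FILE CERT: exit status 0 only if CERT chains to a CA in CA_FILE.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# show PEM_FILE: print subject and issuer, to tell which file holds which CA.
show() {
    openssl x509 -in "$1" -noout -subject -issuer
}

demo() {
    make_ca issuing_ca      # the CA that signs the server certificate
    make_ca unrelated_ca    # some other CA the server never used
    issue_server issuing_ca example.com
    show "$WORK/issuing_ca.pem"
    for ca in issuing_ca unrelated_ca; do
        if trusted_by "$WORK/$ca.pem" "$WORK/server.pem"; then
            echo "$ca.pem: server certificate verifies"
        else
            echo "$ca.pem: verification fails"
        fi
    done
}
demo
```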