Discussion:
Apache using HTTPS via NAT.
David Norris
2014-07-09 20:22:43 UTC
I have a problem with HTTPS via network address translation. I have enabled
HTTPS and found that it works just fine over the local area network, but
although plain HTTP on port 80 is visible as ever in the outside world, the
HTTPS is usable in the LAN only (outside on the internet, port 443 appears
open as does port 80), but connection attempts fail with the error "cannot
establish a secure connection" or similar. Both ports 80 and 443 are
forwarded through the router. The HTTPS service uses a self-signed
certificate for the tests.
Can anyone tell me what mistake I have made? You can see for yourself on
http://www.cotexfood-trading.com (for the regular http) and
https://www.cotexfood-trading.com (for the new HTTPS I am testing).

Many thanks, David
--
DN
D. Stussy
2014-07-09 22:06:37 UTC
"David Norris" wrote in message news:692651578426629413.738424davidn-cotexfood-***@news.btinternet.com...
> I have a problem with HTTPS via network address translation. I have enabled
> HTTPS and found that it works just fine over the local area network, but
> although plain HTTP on port 80 is visible as ever in the outside world, the
> HTTPS is usable in the LAN only (outside on the internet, port 443 appears
> open as does port 80), but connection attempts fail with the error "cannot
> establish a secure connection" or similar. Both ports 80 and 443 are
> forwarded through the router. The HTTPS service uses a self-signed
> certificate for the tests.
> Can anyone tell me what mistake I have made? You can see for yourself on
> http://www.cotexfood-trading.com (for the regular http) and
> https://www.cotexfood-trading.com (for the new HTTPS I am testing).
=================

HTTPS requires consistency between the host name and the certificate. It's
quite possible that host name consistency requires a forward-confirmed
reverse DNS entry. With NAT, you most likely do not have the latter because
what the client sees is the translated IP address which often does not
match.

In other words, NAT breaks the secured socket layer, so of course it doesn't
work.
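The host-name/certificate consistency the reply refers to is a check the client performs: the name typed into the URL (here www.cotexfood-trading.com) is compared with the names the server's certificate carries in its subjectAltName extension, and a self-signed test certificate issued for a LAN-only name will fail that comparison from outside even though port 443 is reachable. The following is an added example, not code from the thread, that implements that comparison in Python over two constructed certificate dictionaries in the shape `ssl.SSLSocket.getpeercert()` returns; the host names, IP address and certificate contents are all made-up sample values.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample: a self-signed certificate issued only for the LAN
# host name and its private address (shape of ssl.getpeercert()).
SELF_SIGNED_LAN_CERT = {
    "subject": ((("commonName", "webserver.lan"),),),
    "issuer": ((("commonName", "webserver.lan"),),),
    "subjectAltName": (("DNS", "webserver.lan"), ("IP Address", "192.168.1.10")),
}

# Constructed sample: a certificate that covers the public names clients
# will actually type, so the same check passes from outside the NAT.
PUBLIC_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("commonName", "www.example.com"),),),
    "subjectAltName": (
        ("DNS", "www.example.com"),
        ("DNS", "example.com"),
        ("DNS", "*.svc.example.com"),
    ),
}


def _dns_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style DNS-ID match: exact, or one leading wildcard label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    # The wildcard covers exactly one non-empty leftmost label.
    head, sep, rest = host.partition(".")
    return bool(head and sep and rest == pattern[2:])


def cert_names(cert: Dict) -> List[Tuple[str, str]]:
    """(type, value) pairs from subjectAltName; CN only if there is no SAN."""
    san = list(cert.get("subjectAltName", ()))
    if san:
        return san
    return [
        ("DNS", value)
        for rdn in cert.get("subject", ())
        for key, value in rdn
        if key == "commonName"
    ]


def cert_matches_host(cert: Dict, host: str) -> bool:
    """True if the certificate is valid for the name the client connected to."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name, not an IP literal
    for kind, value in cert_names(cert):
        if ip is not None:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and _dns_matches(value, host):
            return True
    return False


if __name__ == "__main__":
    for cert, label in ((SELF_SIGNED_LAN_CERT, "LAN cert"), (PUBLIC_CERT, "public cert")):
        for host in ("webserver.lan", "192.168.1.10", "www.example.com"):
            print(f"{label:12} {host:18} -> {cert_matches_host(cert, host)}")
```

The same check can be run against a live server from outside the NAT with `openssl s_client -connect www.example.com:443 -servername www.example.com` (placeholder name): the certificate it prints should list the public host name in its subjectAltName, and the `-servername` option matters because a name-based virtual host may otherwise return a different certificate than the browser sees.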
David Norris
2014-07-12 15:54:32 UTC
"D. Stussy" wrote in message news:lpkecr$b1a$***@snarked.org...
>
> "David Norris" wrote in message news:692651578426629413.738424davidn-cotexfood-***@news.btinternet.com...
> > I have a problem with HTTPS via network address translation. I have enabled
> > HTTPS and found that it works just fine over the local area network, but
> > although plain HTTP on port 80 is visible as ever in the outside world, the
> > HTTPS is usable in the LAN only (outside on the internet, port 443 appears
> > open as does port 80), but connection attempts fail with the error "cannot
> > establish a secure connection" or similar. Both ports 80 and 443 are
> > forwarded through the router. The HTTPS service uses a self-signed
> > certificate for the tests.
> > Can anyone tell me what mistake I have made? You can see for yourself on
> > http://www.cotexfood-trading.com (for the regular http) and
> > https://www.cotexfood-trading.com (for the new HTTPS I am testing).
> =================
>
> HTTPS requires consistency between the host name and the certificate. It's
> quite possible that host name consistency requires a forward-confirmed
> reverse DNS entry. With NAT, you most likely do not have the latter because
> what the client sees is the translated IP address which often does not
> match.
>
> In other words, NAT breaks the secured socket layer, so of course it doesn't
> work.

I don't suppose there are any workarounds? I hadn't thought of that.
D. Stussy
2014-07-24 22:21:38 UTC
"David Norris" wrote in message news:***@bt.com...
> "D. Stussy" wrote in message news:lpkecr$b1a$***@snarked.org...
> > "David Norris" wrote in message news:692651578426629413.738424davidn-cotexfood-***@news.btinternet.com...
> > > I have a problem with HTTPS via network address translation. I have enabled
> > > HTTPS and found that it works just fine over the local area network, but
> > > although plain HTTP on port 80 is visible as ever in the outside world, the
> > > HTTPS is usable in the LAN only (outside on the internet, port 443 appears
> > > open as does port 80), but connection attempts fail with the error "cannot
> > > establish a secure connection" or similar. Both ports 80 and 443 are
> > > forwarded through the router. The HTTPS service uses a self-signed
> > > certificate for the tests.
> > > Can anyone tell me what mistake I have made? You can see for yourself on
> > > http://www.cotexfood-trading.com (for the regular http) and
> > > https://www.cotexfood-trading.com (for the new HTTPS I am testing).
> > =================
> >
> > HTTPS requires consistency between the host name and the certificate. It's
> > quite possible that host name consistency requires a forward-confirmed
> > reverse DNS entry. With NAT, you most likely do not have the latter because
> > what the client sees is the translated IP address which often does not
> > match.
> >
> > In other words, NAT breaks the secured socket layer, so of course it doesn't
> > work.
>
> I don't suppose there are any workarounds? I hadn't thought of that.
=================

The only thing I can suggest is to run an HTTP(S) proxy server at the NAT
device, which may or may not be possible depending on the device.