Accessing HTTPS services through VPN Connection
written-by
Daniel Carrillo Broeder
How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!
While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.
legacy-article
learn-legacy-article-disclaimer-text
Issue
- Multiple security/certificate/host errors can occur when trying to access an internal HTTPS service through a SaaS/PaaS VPN connection.
Environment
- Liferay PaaS/SaaS client-to-site VPN connection.
- Set up port forwarding to a HTTPS service. (e.g. vpn:1000 → 10.10.10.10:443).
Resolution
- At this moment, the vpn host does not support https as it relies in port forwarding.
- Fundamentally, the infrastructure requires three elements to establish a VPN connection:
-
VPN Server: Along with internal services.
- E.g., 111.112.113.XYZ:443 (Sample public IP).
-
VPN Client (Cloud service): Connects to the VPN Server
- E.g., vpn:1000 → 10.10.10.10:443 Port forwarding
-
Liferay (Cloud service): Access the VPN service through the vpn:1000 host.
- Since Liferay has no visibility into the internal network or services of the VPN, all connections to VPN services will be made using the VPN host, which may lead to certificate errors
- This limitation will not be an issue in some cases, and the connection will be successfully established.
- However, allowing invalid SSL connections for this host on both client and server sides could help resolve this limitation.
- If the connection issue persists, an HTTP service may be required.
did-this-article-resolve-your-issue