Proxy client certificate

Sat, 20 Apr 2002 22:13:31 -0700 

Hello All,

   ** I am sorry to send you this mail again. If
someone knows anything on this, please reply. Thanks a
lot in advance **.
 
  I am trying to make a proxy server(apache 1.3.22
compiled after enabling SSL_EXPERIMENTAL) authenticate
itself to a backend server(apache 1.3.19) which is in
the same machine (although in a real scenario the
backend server will run on a different machine).
 
   Proxyserver listens at port 6666 on a machine and
the backend server listnes at 127.0.0.2:8443. All the
communications are SSL-enabled.
 browser ->---SSL + client auth--> Proxy server
--SSL-->backend server.
  Browser authenticates itself to the proxy server
whereas proxy server does not authenticate itself to
the backend server.
   
 Now, the need is to make the proxy server also
authenticate itself to the backend server. 
 The proxy server has  the directive
"SSLProxyMachineCertficateFile" in it's httpd.conf.
This directive has the value set to the its'(proxy's)
client certificate. 
 Should I need to set the value for  
SSLProxyCACertficateFile also?
 
The error I see in the browser is:
        ------------------
     The proxy server received an invalid response
from an upstream server.

The proxy server could not handle the request GET /.

Reason: SSL proxy connect failed (test:6666): peer
127.0.0.1:8443: key values mismatch
        -------------------

and the error that I see in the backend server is 
       ---------------------
[error] mod_ssl: SSL handshake failed (server
vvos3:8443, client 127.0.0.1) (OpenSSL library error
follows)
[Sun Apr 21 10:56:32 2002] [error] OpenSSL:
error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
return a certificate [Hint: No CAs known to server for
verification?]
         ------------------------
Can anyone please throw light on this ?

Thanks a lot in advance.

Thanks and Regards,
Anbu

__________________________________________________
Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more
http://games.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to