Hi all, Apologies for duplicating this email again. I had some problems with my mailbox and thought that the original email did not get through. I also updated the version of the Apache version from 2.0.39 to 2.0.40 because I tested both with the same results.
Regarding the question itself, I would really appreciate if somebody could give some suggestions. Thanks again. regards, Lee Hoo Wah -----Original Message----- From: Lee Hoo Wah [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 22, 2002 10:33 AM To: [EMAIL PROTECTED] Subject: SSL Reverse Proxy with Client Certificate is dying Hi, I have a problem using Apache/mod_ssl 2.0.40 as a SSL reverse proxy to connect to a SSL Server. |HTTP Client|-----http---->|Reverse Proxy|----https---->|Web Server| There is a Client Certificate on the Reverse Proxy which must be presented to the Web Server for authentication. But I see from the log files, after the initial SSL handshaking, immediately after the "Proxy client certificate callback: (xxx.xxx.xxx:80) found acceptable cert", the child process on the Reverse Proxy just dies without any error in the log file. The child process initialises itself all over again. My browser on the front end receives a "Page not found" error. I double checked my cert pathing using "openssl" and curl to go into the SSL server and it works. So I think the certificate should be ok. Are there anything else that I have left out? I have also tested against both a IIS 5.0 and an Apache 2.0 web server. Both returns the same error. Really appreciate any help that might come along. Thanks in advace. regards, Lee Hoo Wah ____________________________________________ [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server hello A [debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 2, subject: /C=US/O=GTE Corporation/CN=GTE CyberTrust Root, issuer: /C=US/O=GTE Corporation/CN=GTE CyberTrust Root [debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 1, subject: /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority, issuer: /C=US/O=GTE Corporation/CN=GTE CyberTrust Root [debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 0, subject: /C=SG/ST=Singapore/L=Singapore/O=xxx/OU=xxx/CN=xxx, issuer: /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server certificate A [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server certificate request A [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server done A [debug] ssl_engine_kernel.c(1620): Proxy client certificate callback: (xxx.xxx.xxx:80) entered [debug] ssl_engine_kernel.c(1593): Proxy client certificate callback: (xxx.xxx.xxx:80) found acceptable cert, sending /C=xx/O=xxx/OU=xxx/OU=xxx/SN=xxx/CN=xxxx [notice] Parent: child process exited with status 3221225477 -- Restarting. <<<<<< CHILD PROCESS DIES [debug] mpm_winnt.c(562): Parent: Marked listeners as not inheritable. [info] Init: Initializing OpenSSL library _______________________________________ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]