Hi, I'm trying to get mod_proxy to work as an SSL proxy using a client certificate on the proxy to connect to a backend IIS server that's set up to use any client certificate signed by my OpenSSL-based CA.
If I use a browser with the same certificate bundled up as a PKCS12 bundle, through the proxy, it all works, but what I really need is for Apache/mod_ssl to use a locally stored version of the cert/key to connect, then let the IIS server do its normal basic auth. That's one single client cert/key for all externally connecting users (yes, I understand the ramifaction- it's not for user authentication,) not a per-user proxy cert. Here's what I have in my Apache ssl.conf file: RequestHeader set Front-End-Https "On" CacheDisable * SSLProxyEngine On ProxyPass /app https://iisserver/app ProxyPassReverse /app https://iisserver/app SSLProxyMachineCertificatePath conf/cert SSLEngine on conf/cert contains user.pem, a .pem cert file with an RSA private key catenated to it. I also have a hash link to the user.pem cert file. Just in case, I've also added "export OPENSSL_ALLOW_PROXY_CERTS=1" to bin/envvars. Can anyone tell me what I'm doing wrong? Thanks, Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions [EMAIL PROTECTED] which may have no basis whatsoever in fact." ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]
