Re: Mod_proxy and client certificate auth

2006-06-08 Thread Paul D. Robertson
On Wed, 7 Jun 2006, BJ Swope wrote:

> From everything I've heard and read, mod-proxy will not proxy HTTPS on the
> back like what you are asking.  You can have HTTPS on the front end but not
> on the back.  It will have to be HTTP to the back.
> 
> If you get this working I would LOVE to hear how you got it done
> 
> 

I'm getting end-to-end SSL, just the undesired (this time) effect of 
having the client cert passed all the way through the chain, which I'd 
expect folks to want as normal behavior.

Paul
---------
Paul D. Robertson  "My statements in this message are personal opinions
[EMAIL PROTECTED]   which may have no basis whatsoever in fact."
http://fora.compuwar.net  Infosec discussion boards 

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]


Mod_proxy and client certificate auth

2006-06-06 Thread Paul D. Robertson

Hi,

I'm trying to get mod_proxy to work as an SSL proxy using a client 
certificate on the proxy to connect to a backend IIS server that's set up 
to use any client certificate signed by my OpenSSL-based CA.  

If I use a browser with the same certificate bundled up as a PKCS12 
bundle, through the proxy, it all works, but what I really need is for 
Apache/mod_ssl to use a locally stored version of the cert/key to connect, 
then let the IIS server do its normal basic auth.  That's one single 
client cert/key for all externally connecting users (yes, I understand 
the ramification: it's not for user authentication), not a per-user proxy 
cert.

Here's what I have in my Apache ssl.conf file:

RequestHeader set Front-End-Https "On"
CacheDisable *
SSLProxyEngine On
ProxyPass /app https://iisserver/app
ProxyPassReverse /app https://iisserver/app
SSLProxyMachineCertificatePath conf/cert
SSLEngine on

conf/cert contains user.pem, a .pem cert file with an RSA private key 
catenated to it.  I also have a hash link to the user.pem cert file.

Just in case, I've also added "export OPENSSL_ALLOW_PROXY_CERTS=1" to 
bin/envvars.

Can anyone tell me what I'm doing wrong?

Thanks,

Paul
---------
Paul D. Robertson  "My statements in this message are personal opinions
[EMAIL PROTECTED]   which may have no basis whatsoever in fact."
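
An added example, not part of the original post or of mod_ssl: a small linter for one PEM file of the kind placed in the SSLProxyMachineCertificatePath directory (a certificate with its private key appended). It assumes, per the mod_ssl documentation for the proxy machine certificate directives, that encrypted private keys are not supported; the function name and the sample PEM bodies are constructed placeholders, not real key material.

```python
import re

# One PEM block: BEGIN line, optional RFC 1421 headers plus base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Labels of unencrypted-capable private key blocks written by OpenSSL.
KEY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY", "PRIVATE KEY"}


def lint_proxy_pem(text):
    """Return a list of problems found in one proxy client-cert PEM file."""
    certs, keys, problems = 0, 0, []
    for label, body in PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            certs += 1
        elif label == "ENCRYPTED PRIVATE KEY":
            keys += 1
            problems.append("private key is encrypted (PKCS#8)")
        elif label in KEY_LABELS:
            keys += 1
            # Legacy OpenSSL key encryption is announced in the block headers.
            if "Proc-Type: 4,ENCRYPTED" in body:
                problems.append("private key is encrypted (legacy PEM)")
    if certs == 0:
        problems.append("no certificate block")
    if keys == 0:
        problems.append("no private key block")
    if keys > 1:
        problems.append("more than one private key block")
    return problems


def _pem(label, headers=""):
    # Constructed placeholder body; not a real certificate or key.
    return f"-----BEGIN {label}-----\n{headers}Q09OU1RSVUNURUQ=\n-----END {label}-----\n"


SAMPLE_OK = _pem("CERTIFICATE") + _pem("RSA PRIVATE KEY")
SAMPLE_ENCRYPTED = _pem("CERTIFICATE") + _pem(
    "RSA PRIVATE KEY",
    headers="Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0000000000000000\n\n")
SAMPLE_CERT_ONLY = _pem("CERTIFICATE")

if __name__ == "__main__":
    for name in ("SAMPLE_OK", "SAMPLE_ENCRYPTED", "SAMPLE_CERT_ONLY"):
        print(name, lint_proxy_pem(globals()[name]) or "ok")
```

The linter checks file structure only; it does not confirm that the key matches the certificate or that the backend's CA trusts it.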
