Hi,
I have a problem using Apache/mod_ssl 2.0.40 as a SSL reverse proxy to
connect to a SSL Server.
|HTTP Client|-----http---->|Reverse Proxy|----https---->|Web Server|
There is a Client Certificate on the Reverse Proxy which must be presented
to the Web Server for authentication. But I see from the log files, after
the initial SSL handshaking, immediately after the "Proxy client certificate
callback: (xxx.xxx.xxx:80) found acceptable cert", the child process on the
Reverse Proxy just dies without any error in the log file. The child process
initialises itself all over again. My browser on the front end receives a
"Page not found" error.
I double checked my cert pathing using "openssl" and curl to go into the SSL
server and it works. So I think the certificate should be ok. Are there
anything else that I have left out?
I have also tested against both a IIS 5.0 and an Apache 2.0 web server. Both
returns the same error.
Really appreciate any help that might come along. Thanks in advace.
regards,
Lee Hoo Wah
____________________________________________
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server hello A
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 2,
subject: /C=US/O=GTE Corporation/CN=GTE CyberTrust Root, issuer: /C=US/O=GTE
Corporation/CN=GTE CyberTrust Root
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 1,
subject: /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority, issuer: /C=US/O=GTE Corporation/CN=GTE CyberTrust
Root
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 0,
subject: /C=SG/ST=Singapore/L=Singapore/O=xxx/OU=xxx/CN=xxx, issuer:
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server
certificate A
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server
certificate request A
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server done A
[debug] ssl_engine_kernel.c(1620): Proxy client certificate callback:
(xxx.xxx.xxx:80) entered
[debug] ssl_engine_kernel.c(1593): Proxy client certificate callback:
(xxx.xxx.xxx:80) found acceptable cert, sending
/C=xx/O=xxx/OU=xxx/OU=xxx/SN=xxx/CN=xxxx
[notice] Parent: child process exited with status 3221225477 -- Restarting.
<<<<<< CHILD PROCESS DIES
[debug] mpm_winnt.c(562): Parent: Marked listeners as not inheritable.
[info] Init: Initializing OpenSSL library
_______________________________________
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
