Hi,

A customer has the following setup with Apache/mod_ssl:

One virtual host on port 5100, which is translated to port 443 by the firewall.
One virtual host on port 5000, which is not translated by the firewall.

Both virtual hosts use SSL Client Authentication. While the untranslated virtual host works without problems, the translated one does not. The handshake seems to happen (the client certificate is requested and the server certificate is checked by the client), but after that, the connection is then lost.

Is there a general problem with port translation (couldn't think of any) or has anybody experienced similar problems?

Bye
Tim

Log File:

[07/Apr/2002 15:19:10 26023] [info] Server: Apache/1.3.24, Interface: mod_ssl/2.8.8, Library: OpenSSL/0.9.6b
[07/Apr/2002 15:19:10 26023] [info] Init: 1st startup round (still not detached)
[07/Apr/2002 15:19:10 26023] [info] Init: Initializing OpenSSL library
[07/Apr/2002 15:19:10 26023] [info] Init: Loading certificate & private key of SSL-aware server ebanking.hbl.ch:5100
[07/Apr/2002 15:19:10 26023] [info] Init: Requesting pass phrase via builtin terminal dialog
[07/Apr/2002 15:19:11 26023] [info] Init: Loading certificate & private key of SSL-aware server telebanking.hbl.ch:5100
[07/Apr/2002 15:19:11 26023] [info] Init: Requesting pass phrase via builtin terminal dialog
[07/Apr/2002 15:19:12 26023] [info] Init: Wiped out the queried pass phrases from memory
[07/Apr/2002 15:19:12 26023] [info] Init: Seeding PRNG with 136 bytes of entropy
[07/Apr/2002 15:19:12 26023] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[07/Apr/2002 15:19:13 26023] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[07/Apr/2002 15:19:13 26024] [info] Init: 2nd startup round (already detached)
[07/Apr/2002 15:19:13 26024] [info] Init: Reinitializing OpenSSL library
[07/Apr/2002 15:19:13 26024] [info] Init: Seeding PRNG with 136 bytes of entropy
[07/Apr/2002 15:19:13 26024] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[07/Apr/2002 15:19:13 26024] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[07/Apr/2002 15:19:13 26024] [info] Init: Initializing (virtual) servers for SSL
[07/Apr/2002 15:19:13 26024] [info] Init: Configuring server ebanking.hbl.ch:5100 for SSL protocol
[07/Apr/2002 15:19:13 26024] [warn] Init: (ebanking.hbl.ch:5100) RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[07/Apr/2002 15:19:13 26024] [info] Init: Configuring server telebanking.hbl.ch:5100 for SSL protocol
[07/Apr/2002 15:19:13 26024] [info] Init: (telebanking.hbl.ch:5100) RSA server certificate enables Server Gated Cryptography (SGC)
[07/Apr/2002 15:20:14 26025] [info] Connection to child 0 established (server telebanking.hbl.ch:5100, client 172.16.1.206)
[07/Apr/2002 15:20:14 26025] [info] Seeding PRNG with 23177 bytes of entropy
[07/Apr/2002 15:20:14 26025] [info] Connection: Client IP: 172.16.1.206, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[07/Apr/2002 15:20:14 26025] [info] Connection to child 0 closed with standard shutdown (server telebanking.hbl.ch:5100, client 172.16.1.206)
[07/Apr/2002 15:20:15 26027] [info] Connection to child 2 established (server telebanking.hbl.ch:5100, client 172.16.1.206)
[07/Apr/2002 15:20:15 26027] [info] Seeding PRNG with 23177 bytes of entropy
[07/Apr/2002 15:20:15 26027] [info] Connection: Client IP: 172.16.1.206, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[07/Apr/2002 15:20:15 26027] [info] Initial (No.1) HTTPS request received for child 2 (server telebanking.hbl.ch:5100)
[07/Apr/2002 15:20:15 26027] [info] Connection to child 2 closed with unclean shutdown (server telebanking.hbl.ch:5100, client 172.16.1.206)

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
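
For triaging a log like the one in this message, the following added example (not part of the original post, and not mod_ssl code) groups log lines by server PID into one record per connection and lists those that negotiated a cipher but ended in an unclean shutdown. The sample lines are constructed from the format shown in the post, with a placeholder hostname and client address; all function names are hypothetical.

```python
import re

# Constructed sample in the log format shown in the post (placeholder host and client IP).
SAMPLE_LOG = """\
[07/Apr/2002 15:20:14 26025] [info] Connection to child 0 established (server vhost.example:5100, client 192.0.2.10)
[07/Apr/2002 15:20:14 26025] [info] Seeding PRNG with 23177 bytes of entropy
[07/Apr/2002 15:20:14 26025] [info] Connection: Client IP: 192.0.2.10, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[07/Apr/2002 15:20:14 26025] [info] Connection to child 0 closed with standard shutdown (server vhost.example:5100, client 192.0.2.10)
[07/Apr/2002 15:20:15 26027] [info] Connection to child 2 established (server vhost.example:5100, client 192.0.2.10)
[07/Apr/2002 15:20:15 26027] [info] Connection: Client IP: 192.0.2.10, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[07/Apr/2002 15:20:15 26027] [info] Initial (No.1) HTTPS request received for child 2 (server vhost.example:5100)
[07/Apr/2002 15:20:15 26027] [info] Connection to child 2 closed with unclean shutdown (server vhost.example:5100, client 192.0.2.10)
"""

LINE = re.compile(r"\[(\S+ \S+) (\d+)\] \[(\w+)\]\s+(.*)")  # [date time pid] [level] message
OPENED = re.compile(r"Connection to child \d+ established \(server ([^,\s]+), client ([^)\s]+)\)")
HANDSHAKE = re.compile(r"Connection: Client IP: [^,\s]+, Protocol: ([^,\s]+), Cipher: (\S+)")
REQUEST = re.compile(r"\(No\.(\d+)\) HTTPS request received")
CLOSED = re.compile(r"closed with (\w+) shutdown")

def connections(log_text):
    """Return one record per connection, correlating lines by server PID."""
    open_by_pid, done = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a log entry
        ts, pid, _level, msg = m.groups()
        if (o := OPENED.search(msg)):
            open_by_pid[pid] = {"pid": pid, "start": ts, "server": o[1], "client": o[2],
                                "protocol": None, "cipher": None, "requests": 0, "shutdown": None}
            continue
        conn = open_by_pid.get(pid)
        if conn is None:
            continue  # startup (Init:) lines and other messages outside a connection
        if (h := HANDSHAKE.search(msg)):
            conn["protocol"], conn["cipher"] = h[1], h[2]
        elif (r := REQUEST.search(msg)):
            conn["requests"] = int(r[1])  # highest request number seen so far
        elif (c := CLOSED.search(msg)):
            conn["shutdown"] = c[1]
            done.append(open_by_pid.pop(pid))
    return done + list(open_by_pid.values())  # still-open connections keep shutdown=None

def failed_after_handshake(conns):
    """Connections that negotiated a cipher but did not shut down cleanly."""
    return [c for c in conns if c["cipher"] and c["shutdown"] == "unclean"]

if __name__ == "__main__":
    for c in failed_after_handshake(connections(SAMPLE_LOG)):
        print(c["start"], c["server"], c["client"], c["cipher"], "requests:", c["requests"])
```
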