Hi there.

I'm attempting to set up a reverse proxy using OpenBSD-2.7, OpenSSL-0.9.5a, mod_ssl-2.6.4_1.3.12, and Apache-1.3.12. Up to this point, I've gotten the reverse proxy set up and it runs correctly for retrieving port 80 based materials. But I cannot get Apache to launch with SSL support. Here is the error that I am getting from apache-rproxy.elog:

[Mon Jun 19 05:26:09 2000] [error] mod_ssl: Init: (openliness-qa.mydomain.com:443) Unable to configure RSA server private key (OpenSSL library error follows)
[Mon Jun 19 05:26:09 2000] [error] OpenSSL: error:0B080074::lib(11) :func(128) :reason(116)

Can anyone help me? I have the cert for openliness-qa on the rproxy server. Do I actually need the key as well, or is the proxy becoming transparent after the certificate has been passed from the proxy to the client? I'm really curious why http will work, but attempting to start https is failing.

Here is my httpd.conf file.

##
##  apache-rproxy.conf -- Apache configuration for Reverse Proxy Usage
##

#   server type
ServerType           standalone
Port                 80
Listen               443
MinSpareServers      2
StartServers         5
MaxSpareServers      10
MaxClients           150
MaxRequestsPerChild  100

#   server operation parameters
KeepAlive            on
MaxKeepAliveRequests 100
KeepAliveTimeout     15
Timeout              400
IdentityCheck        off
HostnameLookups      on

#   paths to runtime files
PidFile              /opt/apache/logs/apache-rproxy.pid
LockFile             /opt/apache/logs/apache-rproxy.lock
ErrorLog             /opt/apache/logs/apache-rproxy.elog

#   unused paths
ServerRoot           /opt/apache
DocumentRoot         /tmp
CacheRoot            /tmp
TypesConfig          /dev/null
AccessConfig         /dev/null
ResourceConfig       /dev/null

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLEngine on
SSLPassPhraseDialog  builtin
SSLSessionCache      dbm:/opt/apache/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/opt/apache/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog      /opt/apache/logs/ssl_engine_log
SSLLogLevel info
SSLCertificateFile /opt/apache/conf/ssl.crt/snakeoil-rsa.crt
SSLCertificateKeyFile /opt/apache/conf/ssl.key/snakeoil-rsa.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /opt/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

#   speed up and secure processing
<Directory />
    Options -FollowSymLinks -SymLinksIfOwnerMatch
    AllowOverride None
</Directory>

#   the status page for monitoring the reverse proxy
<Location /rproxy-status>
    SetHandler server-status
</Location>

#   enable the URL rewriting engine
RewriteEngine        on
RewriteLogLevel      2

NameVirtualHost webhome.mydomain.com:80
NameVirtualHost openliness-qa.mydomain.com:443

<VirtualHost webhome.mydomain.com:80>
    SSLDisable
    ServerName webhome.mydomain.com
    CustomLog /opt/apache/logs/apache-rproxy-wh.dlog "%{%v/%T}t %h -> %{SERVER}e URL: %U"
    RewriteLog /opt/apache/logs/apache-rproxy-wh.rwlog
    TransferLog /opt/apache/logs/apache-rproxy-wh.tlog

    #   define a rewriting map with value-lists where
    #   mod_rewrite randomly chooses a particular value
    RewriteMap server rnd:/opt/apache/conf/apache-rproxy-wh.conf-servers

    #   make sure the status page is handled locally
    #   and make sure no one uses our proxy except ourself
    RewriteRule ^/apache-rproxy-status.* - [L]
    RewriteRule ^(http|ftp)://.* - [F]

    #   now choose the possible servers for particular URL types
    RewriteRule ^/(.*\.(cgi|shtml))$ to://${server:dynamic}/$1 [S=1]
    RewriteRule ^/(.*)$ to://${server:static}/$1

    #   and delegate the generated URL by passing it
    #   through the proxy module
    RewriteRule ^to://([^/]+)/(.*) http://$1/$2 [E=SERVER:$1,P,L]

    #   and make really sure all other stuff is forbidden
    #   when it should survive the above rules...
    RewriteRule .* - [F]

    #   enable the Proxy module without caching
    ProxyRequests on
    NoCache *

    #   setup URL reverse mapping for redirect responses
    ProxyPassReverse / http://webhome.mydomain.com/
</VirtualHost>

<VirtualHost openliness-qa.mydomain.com:443>
    ServerName openliness-qa.mydomain.com
    SSLCertificateFile /opt/apache/conf/ol-cert.pem
    CustomLog /opt/apache/logs/apache-rproxy-ol.dlog "%{%v/%T}t %h -> %{SERVER}e URL: %U"
    RewriteLog /opt/apache/logs/apache-rproxy-ol.rwlog
    TransferLog /opt/apache/logs/apache-rproxy-ol.tlog

    #   define a rewriting map with value-lists where
    #   mod_rewrite randomly chooses a particular value
    RewriteMap server rnd:/opt/apache/conf/apache-rproxy-ol.conf-servers

    #   make sure the status page is handled locally
    #   and make sure no one uses our proxy except ourself
    RewriteRule ^/apache-rproxy-status.* - [L]
    RewriteRule ^(https|ftp)://.* - [F]

    #   now choose the possible servers for particular URL types
    RewriteRule ^/(.*\.(cgi|shtml|jsp))$ to://${server:dynamic}/$1 [S=1]
    RewriteRule ^/(.*)$ to://${server:static}/$1

    #   and delegate the generated URL by passing it
    #   through the proxy module
    RewriteRule ^to://([^/]+)/(.*) https://$1/$2 [E=SERVER:$1,P,L]

    #   and make really sure all other stuff is forbidden
    #   when it should survive the above rules...
    RewriteRule .* - [F]

    #   enable the Proxy module without caching
    ProxyRequests on
    NoCache *

    #   setup URL reverse mapping for redirect responses
    ProxyPassReverse / https://openliness-qa.mydomain.com/
</VirtualHost>

Any help, or pointers to help are greatly appreciated.

Jared Schmidt, MCP
email: [EMAIL PROTECTED]
wwweb: http://dragon-rider.org

PowerStreak Networks, Inc.
Junior Network Analyst
email: [EMAIL PROTECTED]
wwweb: http://powerstreak.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
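
Added example, not part of the original post: the logged code 0B080074 unpacks to the lib(11)/func(128)/reason(116) triple shown in the log, which in OpenSSL's X509 library is X509_check_private_key reporting a key values mismatch, and the sketch below audits a configuration for the pairing that produces it. The function names are hypothetical, SAMPLE_CONF is a constructed excerpt of the posted httpd.conf, and the audit assumes a vhost without its own SSLCertificateKeyFile inherits the server-level one.

```python
import re

# Constructed excerpt: only the SSL file directives from the posted httpd.conf.
SAMPLE_CONF = """\
SSLCertificateFile /opt/apache/conf/ssl.crt/snakeoil-rsa.crt
SSLCertificateKeyFile /opt/apache/conf/ssl.key/snakeoil-rsa.key
<VirtualHost webhome.mydomain.com:80>
SSLDisable
</VirtualHost>
<VirtualHost openliness-qa.mydomain.com:443>
SSLCertificateFile /opt/apache/conf/ol-cert.pem
</VirtualHost>
"""
DIRECTIVE = re.compile(r"(SSLCertificateFile|SSLCertificateKeyFile)\s+(\S+)", re.I)

def decode_openssl_error(code_hex):
    """Unpack an OpenSSL 0.9.x error code into (lib, func, reason)."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF

def parse_scopes(conf):
    """Map scope (None = server level) -> SSL file directives set in it."""
    scope, scopes, disabled = None, {None: {}}, set()
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            scope = opened.group(1).strip()
            scopes[scope] = {}
        elif line.lower() == "</virtualhost>":
            scope = None
        elif line.lower() == "ssldisable":
            disabled.add(scope)
        elif DIRECTIVE.match(line):
            name, path = DIRECTIVE.match(line).groups()
            scopes[scope][name.lower()] = path
    return scopes, disabled

def mismatch_candidates(conf):
    """SSL vhosts with their own cert but no own key (assumed: inherits global key)."""
    scopes, disabled = parse_scopes(conf)
    global_key = scopes[None].get("sslcertificatekeyfile")
    return [(vhost, own["sslcertificatefile"], global_key)
            for vhost, own in scopes.items()
            if vhost is not None and vhost not in disabled
            and "sslcertificatefile" in own
            and "sslcertificatekeyfile" not in own]

if __name__ == "__main__":
    print(decode_openssl_error("0B080074"), mismatch_candidates(SAMPLE_CONF))
```

Each tuple returned names a vhost, its certificate, and the inherited key it would be checked against; a flagged pair is only a candidate until the certificate's public key is compared with that key file.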