Hello,

I’m trying to set up a proxy server which selects the correct certificate based 
on destination IP address. I’m using Apache 2.4 on CentOS 6.6.

I’m using the following configuration:

<VirtualHost *:3128>
  SSLProxyEngine On
  SSLProxyVerify require
  SSLProxyVerifyDepth 10
  <If "%{REMOTE_ADDR} -ipmatch '192.168.0.0/24'">
    SSLProxyMachineCertificateFile /etc/pki/tls/certs/example.com.cer
    SSLProxyCACertificateFile      /etc/pki/tls/certs/ca.cer
  </If>
  <Else>
    SSLProxyMachineCertificateFile /etc/pki/tls/certs/example.org.cer
    SSLProxyCACertificateFile      /etc/pki/tls/certs/ca.cer
  </Else>

  RewriteEngine On
  RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [NC,P]

  ProxyPreserveHost On
  ProxyPass            /  https://$1/
  ProxyPassReverse     /  https://$1/
</VirtualHost>

But I’m getting the following error when I start the httpd service:
Starting httpd: AH00526: Syntax error on line 8 of 
/opt/rh/httpd24/root/etc/httpd/conf.d/forward_ssl_proxy.conf:
SSLProxyMachineCertificateFile not allowed here
                                                           [FAILED]

Can someone help me achieve my goal of using the correct certificate 
based on destination address?

With kind regards,

Abdelouahed
