Hello!
I want to set up a proxy, allowing my internal hosts to connect to
external https servers (which force client authentication by using a
certificate).
[ internal hosts ]-----http---->[ apache proxy ] ------https---->[ external https server ]
External servers restrict connections to clients which are
authenticated by a client certificate (certified by the same CA).
Excerpt of my .conf:
# TEST
ProxyPass /proxy/TEST/ https://laposte.net
ProxyPassReverse /proxy/TEST/ https://laposte.net
SSLProxyEngine on
SSLCipherSuite RC4:MD5
SSLProxyCACertificateFile /etc/httpd/conf/ssl/ca-bundle.crt
SSLProxyMachineCertificateFile /etc/httpd/conf/ssl/SSLproxy.pem
SSLProxyVerifyDepth 10
SSLProxyVerify none
</VirtualHost>
I try to connect to 2 servers with similar configurations (same CA
used, both requiring client auth, ... so AFAIK, my proxy will use the
same client certificate):
One connection is successful, as I can see in my debug httpd log file:
[debug] ssl_engine_kernel.c(1499): Proxy client certificate callback: (myproxy:443) found acceptable cert, sending /C=XX/ST=CITY/L=Port/O=ORGANIZATION/OU=31/CN=myCN/emailAddress=myemail
The other one is not:
[debug] ssl_engine_kernel.c(1571): Proxy client certificate callback: (myproxy:443) no client certificate found!?
I wonder how client certificates are chosen? Any thoughts?
Thanks in advance
--
Nicolas Cros
Do you know the cobbler's house?
It is here: http://barsa.free.fr
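
A diagnostic for the question above, as an added example that is not part of the original post: mod_ssl's proxy callback chooses from SSLProxyMachineCertificateFile by comparing each certificate's issuer with the CA names the remote server advertises in its certificate request, so two servers under the same CA hierarchy can still differ in which CA names they list. The `openssl s_client` excerpts, all DNs and the function names are constructed for illustration.

```python
import re

# Constructed `openssl s_client -connect host:443` excerpts (not real servers).
SERVER_A = """---
Acceptable client certificate CA names
/C=XX/O=ORGANIZATION/CN=Example Issuing CA
/C=XX/O=ORGANIZATION/CN=Example Root CA
---
"""
SERVER_B = """---
Acceptable client certificate CA names
C = XX, O = ORGANIZATION, CN = Example Root CA
Client Certificate Types: RSA sign
---
"""
# (subject, issuer) pairs in SSLProxyMachineCertificateFile order; constructed.
MACHINE_CERTS = [("/C=XX/O=ORGANIZATION/CN=myCN",
                  "/C=XX/O=ORGANIZATION/CN=Example Issuing CA")]

def normalize_dn(dn):
    """Turn '/C=XX/O=Org' or 'C = XX, O = Org' into a comparable tuple."""
    dn = dn.strip()
    parts = dn[1:].split("/") if dn.startswith("/") else re.split(r",\s*", dn)
    return tuple(tuple(s.strip() for s in p.split("=", 1)) for p in parts)

def acceptable_cas(s_client_output):
    """DNs listed after 'Acceptable client certificate CA names'."""
    names, in_list = [], False
    for line in s_client_output.splitlines():
        if line.startswith("Acceptable client certificate CA names"):
            in_list = True
        elif in_list and "=" in line:
            names.append(normalize_dn(line))
        elif in_list:
            break  # '---' or the next section ends the list
    return names

def select_client_cert(ca_names, certs):
    """Model of the choice: first cert whose issuer equals an advertised CA."""
    if not ca_names:              # server sent no CA list: first cert is used
        return certs[0][0] if certs else None
    for ca in ca_names:
        for subject, issuer in certs:
            if normalize_dn(issuer) == ca:
                return subject
    return None                   # logged as "no client certificate found!?"

def diagnose(s_client_output, certs=MACHINE_CERTS):
    return select_client_cert(acceptable_cas(s_client_output), certs)
```

Here the constructed server B advertises only the root CA while the client certificate was issued by an intermediate, so the direct issuer comparison finds nothing even though both servers trust the same hierarchy.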