Re: [users@httpd] (internal app) --http-->apache---https--->(external app)

Mon, 24 Aug 2009 13:06:47 -0700 

Hi Eric, 
I tried the hint - SSLProxyEngine On. The https connection works with 
websites/applications that don't require a certificate. 
For websites/applications that require a certificate, it fails. Please verify 
if the below config makes sense?
I included the following SSL directives in the virtualhost port. 
<VirtualHost my_ipaddr:44444>
    ---  
SSLProxyEngine On
SSLEngine On SSLCertificateFile /etc/httpd/ssl/servercerts/server.CRT 
SSLCertificateKeyFile /etc/httpd/ssl/servercerts/server.KEY 
SSLProxyMachineCertificateFile /etc/httpd/ssl/clientcerts/client-cert.p12 
    --
</VirtualHost>
------------------------------
[Mon Aug 24 10:31:11 2009] [debug] ssl_engine_kernel.c(1765): OpenSSL: Read: 
SSLv3 read finished A
[Mon Aug 24 10:31:11 2009] [debug] ssl_engine_kernel.c(1784): OpenSSL: Exit: 
failed in SSLv3 read finished A
[Mon Aug 24 10:31:11 2009] [info] [client ip_addr1] SSL library error 1 reading 
data
[Mon Aug 24 10:31:11 2009] [info] SSL Library Error: 336151568 
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[Mon Aug 24 10:31:11 2009] [info] SSL Library Error: 336150757 
error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
[Mon Aug 24 10:31:11 2009] [error] [client ip_addr2] (20014)Internal error: 
proxy: error reading status line from remote server webapplication_server 
[Mon Aug 24 10:31:11 2009] [debug] mod_proxy_http.c(1466): [client 
199.130.193.102] proxy: NOT Closing connection to client although reading from 
backend server webapplication_server failed.
-----------------------------


--- On Sun, 8/23/09, Eric Covener <cove...@gmail.com> wrote:

> From: Eric Covener <cove...@gmail.com>
> Subject: Re: [us...@httpd] (internal app) 
> --http-->apache---https--->(external  app)
> To: users@httpd.apache.org
> Date: Sunday, August 23, 2009, 9:17 PM
> > [Sun Aug 23 12:24:39 2009]
> [error] [client 73.155.40.73] SSL Proxy requested for
> my_proxyserver:80 but not enabled [Hint: SSLProxyEngine]
> 
> Tried the hint?
> 
> -- 
> Eric Covener
> cove...@gmail.com
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>    "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
> 




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to