Forgot to mention that I generated the proxy.pem file by following the process listed at https://issues.apache.org/bugzilla/show_bug.cgi?id=31856, including making sure that I'm using an rsa key (not pkcs8).
-T

On Thu, Dec 17, 2009 at 9:45 PM, Todd Volkert <tvolk...@gmail.com> wrote:
> Ok, hopefully I'm not missing something stupid again... I'm trying to
> enable the SSL proxy engine for use in one of my virtual hosts, and though
> it seems to accept my SSLProxyMachineCertificateFile upon startup, I get
> gobbledygook requests when trying to connect over HTTPS:
>
> Here is my server config:
>
> <VirtualHost *:443>
>     ServerName www.foo.com
>     ServerAlias localhost foo.com *.foo.com
>
>     SSLProxyEngine on
>     SSLProxyMachineCertificateFile /etc/httpd/conf/proxy.pem
>     ProxyRequests Off
>
>     <Proxy *>
>         Order deny,allow
>         Allow from all
>     </Proxy>
>
>     ProxyPass / https://localhost:8443/
>     ProxyPassReverse / https://localhost:8443/
> </VirtualHost>
>
> Here is the output of the server logs upon startup:
>
> [Thu Dec 17 21:37:42 2009] [notice] suEXEC mechanism enabled (wrapper:
> /usr/sbin/suexec)
> [Thu Dec 17 21:37:42 2009] [warn] Init: Session Cache is not configured
> [hint: SSLSessionCache]
> [Thu Dec 17 21:37:42 2009] [notice] Digest: generating secret for digest
> authentication ...
> [Thu Dec 17 21:37:42 2009] [notice] Digest: done
> [Thu Dec 17 21:37:43 2009] [notice] Apache/2.2.9 (Unix) DAV/2 mod_ssl/2.2.9
> OpenSSL/0.9.8b configured -- resuming normal operations
>
> Then when I run 'lynx https://localhost/foo.jsp', I get the following in
> the httpd logs:
>
> ==> /etc/httpd/logs/access_log <==
> 127.0.0.1 - - [17/Dec/2009:21:38:52 -0500] "\x80s\x01\x03\x01" 501 1235 "-"
> "-"
> 127.0.0.1 - - [17/Dec/2009:21:38:52 -0500] "\x80s\x01\x03" 501 1232 "-" "-"
>
> And I get the following in the tomcat access logs:
>
> 127.0.0.1 [17/Dec/2009:21:38:52 -0500] 8443 '?s / HTTP/1.1' 501 1229
> 127.0.0.1 [17/Dec/2009:21:38:52 -0500] 8443 '?s / HTTP/1.1' 501 1226
>
> Ring any bells?
> -T
>
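
The two request strings in the access_log excerpt above decode as the start of an SSLv2-format ClientHello, which is what a listener records when it reads a client's TLS handshake as a plain HTTP request line; the quoted vhost sets SSLProxyEngine (the backend side) but shows no SSLEngine directive for the client side. The decoder below is an added example, not part of the original thread, and its function names are illustrative.

```python
import re

# Constructed sample: the two request strings copied from the access_log
# excerpt in the quoted message.
SAMPLE_REQUESTS = [r"\x80s\x01\x03\x01", r"\x80s\x01\x03"]

_ESC = re.compile(r"\\x([0-9a-fA-F]{2})")


def unescape(logged: str) -> bytes:
    """Turn the \\xHH escaping used in the access log back into raw bytes."""
    text = _ESC.sub(lambda m: chr(int(m.group(1), 16)), logged)
    return text.encode("latin-1")


def classify(logged: str) -> dict:
    """Decide whether a logged 'request line' is really TLS handshake bytes."""
    b = unescape(logged)
    # SSLv2-format record: 2-byte header with the high bit set, the low
    # 15 bits are the record length, then message type 1 (CLIENT-HELLO).
    if len(b) >= 3 and b[0] & 0x80 and b[2] == 0x01:
        return {
            "kind": "sslv2-format ClientHello",
            "record_len": ((b[0] & 0x7F) << 8) | b[1],
            # (major, minor) offered by the client; the log may cut it short.
            "version": tuple(b[3:5]),
        }
    # TLS record layer: content type 22 (handshake), major version 3.
    if len(b) >= 2 and b[0] == 0x16 and b[1] == 0x03:
        return {"kind": "TLS handshake record", "version": tuple(b[1:3])}
    return {"kind": "not a TLS handshake"}


def tls_on_plain_listener(logged: str) -> bool:
    """True when the logged request line is a TLS hello parsed as HTTP."""
    return classify(logged)["kind"] != "not a TLS handshake"


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS + ["GET / HTTP/1.1"]:
        print(repr(req), "->", classify(req))
```

A version of `(3, 1)` is TLS 1.0; the second entry carries only the major byte because the logged string ends there.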