[users@httpd] help on ssl configuration of forward proxy

Wed, 26 Mar 2014 01:38:36 -0700 

Hi,

I'm trying to configure my apache server to be a forward proxy. And I tried to 
invoke some webservices with the server as a proxy.
When the webservice endpoint is in HTTP, like 
http://10.151.124.98:24101/TestServiceCert/TestWebServiceCert, then the client 
can work fine with the proxy specified.
But when the ws endpoint url is in HTTPS, 
https://paf.test.gemalto.com:24111/TestService/TestWebService, the client will 
give out error:
<Error> <Net> <BEA-000903> <Failed to communicate with proxy: gugong/8088. Will 
try connection paf.test.gemalto.com/24111 now.
java.net.ProtocolException: Unrecognized response from SSL proxy: 'HTTP/1.1 403 
Forbidden'
    at 
weblogic.net.http.HttpsClient.makeConnectionUsingProxy(HttpsClient.java:458)
    at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:351)
    at weblogic.net.http.HttpsClient.New(HttpsClient.java:527)
    at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:239)
    at 
com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:136)
    at 
com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:187)
    at 
com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:124)
...

Here is my configuration:
Listen 10.151.124.98:8088

<VirtualHost 10.151.124.98:8088>

ServerName mmog.test

AllowCONNECT  8088
  ProxyRequests On
ProxyVia      on

SSLProxyEngine on

#SSLVerifyClient require
#SSLVerifyClient optional_no_ca
#SSLVerifyClient none

SSLProxyVerify require
SSLProxyVerifyDepth 10

<Proxy *>
     Order Deny,Allow
     Allow from all
</Proxy>


LogLevel debug

#SSLProxyMachineCertificateFile /product/gemalto/MMOG_PAF_FP/keystore/test.pem

SSLCertificateFile /product/gemalto/MMOG_PAF_FP/keystore/test/public.cer
SSLCertificateKeyFile /product/gemalto/MMOG_PAF_FP/keystore/test/private1.key

SSLProxyMachineCertificateFile 
/product/gemalto/MMOG_PAF_FP/keystore/test/test.pem

SSLProxyCACertificateFile /product/gemalto/MMOG_PAF_FP/keystore/AdminCA.pem
</VirtualHost>


And I see this line in the proxy server log when starting:

[warn] no client certs found for SSL proxy


Anybody can help?
Thanks.

BR,
Li Run

________________________________
This message and any attachments are intended solely for the addressees and may 
contain confidential information. Any unauthorized use or disclosure, either 
whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the 
message if altered, changed or falsified. If you are not the intended recipient 
of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free 
from viruses, the sender will not be liable for damages caused by a transmitted 
virus

Reply via email to