Hi Jeff, thanks for the answer! Yes, I'm trying to perform that common 
scenario as you said. When the connection fails I got the message "Server 
should be SSL-aware but has no certificate configured [Hint: 
SSLCertificateFile]" 

I'll check the port on which Citrix is listening and I do realize now that I 
have forgotten to include the certificate in Apache! 

Regards, 
Fabio S. Schmidt 
Senior Technical Consultant 
4linux - Open Software Specialists 
http://www.4linux.com.br 

----- Original Message -----

From: "Jeff Trawick" <traw...@gmail.com> 
To: users@httpd.apache.org 
Sent: Saturday, 12 July, 2014 6:27:11 PM 
Subject: Re: [users@httpd] HTTPS Proxy with Apache 

On Thu, Jul 10, 2014 at 6:35 PM, < fabio.schm...@4linux.com.br > wrote: 



Hi! 

I'm trying to use Apache 2.2 to proxy connections to a server that only listens 
with HTTPS (Citrix Secure Gateway, to be more precise) and keep the connection 
encrypted. I've already enabled the proxy, proxy_http and proxy_connect modules 
but when I access through my Apache server I got the message 
"ERR_SSL_PROTOCOL_ERROR". 




Why proxy_connect? 

Are you trying to perform this common scenario? 

client <--- HTTP over SSL/TLS ---> httpd <--- HTTP over SSL/TLS ---> Citrix? 

Does the client specify the hostname of httpd AND httpd has a certificate for 
that hostname? 


<blockquote>

What am I misunderstanding and if someone could explain to me the correct way 
to achieve a proxy with an HTTPS>HTTPS connection I would really appreciate it! 

Here is my configuration: 

<VirtualHost *:443> 
SSLEngine ON 
SSLProxyEngine ON 
ProxyPass / https://IP_OF_THE_CITRIX_SERVER/ 
ProxyPassReverse / https://IP_OF_THE_CITRIX_SERVER/ 
LogLevel debug 
ErrorLog /var/log/apache2/citrix-ssl-error.log 
TransferLog /var/log/apache2/citrix-ssl-access.log 
</VirtualHost> 


</blockquote>


Isn't ERR_SSL_PROTOCOL error displayed by Chrome for an error connecting to 
port 443 (i.e., nothing to do with the backend proxy connection)? 

Where's your certificate for client connections to port 443? 

This is the only VirtualHost for port 443 in your config, right? 

What is in /var/log/apache2/citrix-ssl-error.log when you fail to connect with 
a browser? 





-- 
Born in Roswell... married an alien... 
http://emptyhammock.com/ 
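
A check for the misconfiguration this thread arrives at (a VirtualHost with `SSLEngine on` and no `SSLCertificateFile`), as an added example that is not part of the original messages. The function name, the treatment of a server-level `SSLCertificateFile` as inherited, and the fact that `Include` files are not followed are assumptions of this sketch.

```python
import re

# Sample input: the VirtualHost as posted in the thread (backend IP is the
# poster's own placeholder).
POSTED_CONF = """\
<VirtualHost *:443>
SSLEngine ON
SSLProxyEngine ON
ProxyPass / https://IP_OF_THE_CITRIX_SERVER/
ProxyPassReverse / https://IP_OF_THE_CITRIX_SERVER/
LogLevel debug
ErrorLog /var/log/apache2/citrix-ssl-error.log
TransferLog /var/log/apache2/citrix-ssl-access.log
</VirtualHost>
"""

def find_ssl_vhosts_without_cert(conf_text):
    """Return the addresses of <VirtualHost> blocks that enable SSLEngine
    but have no SSLCertificateFile in the block or at server level."""
    server_cert = False   # assumption: a server-level certificate is inherited
    vhosts = []           # one dict per <VirtualHost> block, in file order
    current = None        # block being read, or None at server level
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"addr": opened.group(1).strip(), "ssl": False, "cert": False}
            vhosts.append(current)
            continue
        if re.match(r"</VirtualHost\s*>", line, re.I):
            current = None
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()   # directive names are case-insensitive
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if name == "sslcertificatefile":
            if current is None:
                server_cert = True
            else:
                current["cert"] = True
        elif name == "sslengine" and current is not None:
            current["ssl"] = value == "on"
    return [v["addr"] for v in vhosts
            if v["ssl"] and not v["cert"] and not server_cert]
```

Run over the posted configuration it reports `*:443`, the block that produces the "no certificate configured" message in the error log.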

