Re: [users@httpd] Apache as a Mutual SSL enabled Forward Proxy

Tue, 29 May 2018 14:58:14 -0700 

Never heard of mutual ssl enabled before. What is the use case for this
setup?

Would it work for having Nginx SSL offloading to Apache? Any docs?


On 05/24/18 10:00 PM, William A Rowe Jr wrote:
> Your next thing to test, from a vanilla/completely reset browser,
> would be
> to load up these corresponding cert+key and ca chain files into that blank
> slate, and ensure that these credentials actually work against your
> backend;
>
> /  SSLProxyMachineCertificateFile
> D:\sys-projects\aaa\Apache24\Apache24\security\key-client.pem/
> /  SSLProxyCACertificateFile
> D:\sys-projects\aaa\Apache24\Apache24\security\server.pem/
>
> Also drop your proxy server's log level to debug and discover what it
> has to say.
>
> On Thu, May 24, 2018 at 2:42 AM, eranda rajapaksha <erand...@gmail.com
> <mailto:erand...@gmail.com>> wrote:
>
>     Hi all,
>
>     Im trying to configure Apache http server as a forward proxy with
>     mutual ssl enabled. Following is the setup,
>
>     [HTTP client] ----------> [Apache Http Server]----------->[Web Server]
>
>     I need to enable Mutual SSL between  Apache Http Server, Web
>     Server. Following is the proxy I have configured. It works fine
>     when connecting other internet web servers.
>
>     /Listen 3128/
>     / /
>     /<VirtualHost *:3128>/
>     /  ProxyRequests On/
>     /  SSLProxyEngine On/
>     /  SSLVerifyClient require/
>     /  SSLVerifyDepth  10/
>     /  /
>     /  SSLProxyMachineCertificateFile
>     D:\sys-projects\aaa\Apache24\Apache24\security\key-client.pem/
>     /  SSLProxyCACertificateFile
>     D:\sys-projects\aaa\Apache24\Apache24\security\server.pem/
>     /  /
>     /</VirtualHost>  /
>
>
>     I have tested connecting client directly to the Web server
>     bypassing Apache Forward proxy and it works fine. But when it
>     tries to connect through Apache server I'm getting following error
>     on clients end,
>
>     *java.io.IOException: Unable to tunnel through proxy. Proxy
>     returns "HTTP/1.1 403 Proxy Error"*
>     *
>     *
>     Even if I just enable one way SSL, the behavior is the same. Am I
>     not importing the Server cert correctly into Apache? Or is there
>     other configuration issue in my setup.
>
>     Please help me on this.
>
>
>     Thanks,
>     -- 
>     *Eranda Rajapakshe*
>     Computer Science and Engineering Undergraduate,
>     University of Moratuwa.
>     Tel : +94784822608 <tel:%2B94784822608>
>     Email : erand...@gmail.com <mailto:eran...@wso2.com>
>
>



---
This email has been checked for viruses by AVG.
https://www.avg.com

Reply via email to