On Thu, Apr 18, 2024 at 3:22 AM Daiya, Devendra singh <devendra.s.da...@wellsfargo.com.invalid> wrote:
> Hi Team,
>
> Need help in setting up MTLS between Apache HTTP server and Weblogic
> server (App Server).
>
> I have gone through few links but those are not working. Post following
> suggested steps I was able to start Apache HTTP server but Application is
> not working. Getting below messages in the Error while accessing the
> application.
>
> *Could anyone please look at it and share some suggestion on how we should
> setup MTLS b/w Web and App server. Please let me know if any additional
> info needed.*
>
> *Error message: -*
>
> "message" : "AH02645: Server name not provided via TLS extension (using
> default/first virtual host)" , "referer" : },
>
> "message" : "AH02008: SSL library error 1 in handshake (server
> hostname:port)" , "referer" : }
>
> "message" : "SSL Library Error: error:1417C0C7:SSL
> routines:tls_process_client_certificate:peer did not return a certificate
> -- No CAs known to server for verification?" , "referer" : }
>
> "message" : "AH01998: Connection closed to child 138 with abortive
> shutdown (server hostname:port , "referer" : }
>
> "message" : "AH01964: Connection to child 24 established (server
> hostname:port)" , "referer" : }
>
> "message" : "AH02645: Server name not provided via TLS extension (using
> default/first virtual host)" , "referer" : }
>
> "message" : "AH02008: SSL library error 1 in handshake (server
> hostname:port)" , "referer" : }
>
> "message" : "SSL Library Error: error:1417C0C7:SSL
> routines:tls_process_client_certificate:peer did not return a certificate
> -- No CAs known to server for verification?" , "referer" : }
>
> *SSL.conf file has below directives set.*
>
> SSLEngine on
> ProxyRequests Off
> RewriteEngine on
> SSLProxyEngine on
> SSLProxyVerify on
> SSLProxyCheckPeerCN off
> SSLProxyCheckPeerName off
> SSLProxyCheckPeerExpire off
> SSLVerifyCLient require
> SSLVerifyDepth 10
> SSLProxyVerifyDepth 10
>
> SSLOptions +ExportCertData
>
> SSLProxyMachineCertificateFile "/apps/certs/Appcert.pem"
> SSLProxyCACertificateFile "/apps/certs/trustedca.pem"
>
> SSLCertificateFile "/path/to/hostname.crt"
> SSLCertificateKeyFile "/path/to/hostname.key"
> SSLCertificateChainFile "/path/to/hostname.crt"
> SSLCACertificateFile "/path/to/trustedca.pem"
>
> Thanks.
>
> *Regards,*
> *Devendra*

Rough guess:
http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost

Otherwise, we would need to see the full vhost. Might be worth running
apachectl -S to make sure you don't have misconfigured / overlapping
vhosts, as well.
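
Added example, not part of the original thread: in mod_ssl the SSL* directives control the client-to-httpd leg and the SSLProxy* directives control the httpd-to-backend leg, so this sketch sorts the directives quoted in the message by leg and notes which settings require or relax certificate checks. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: a subset of the directives quoted in the message above.
SAMPLE_CONF = """\
SSLEngine on
SSLProxyEngine on
SSLProxyVerify on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLVerifyCLient require
SSLProxyMachineCertificateFile "/apps/certs/Appcert.pem"
SSLProxyCACertificateFile "/apps/certs/trustedca.pem"
SSLCACertificateFile "/path/to/trustedca.pem"
"""

def split_mtls_directives(conf_text):
    """Sort mod_ssl directives by the TLS leg they control.

    inbound  = client -> httpd   (SSL* directives)
    outbound = httpd  -> backend (SSLProxy* directives)
    """
    legs = {"inbound": {}, "outbound": {}}
    for line in conf_text.splitlines():
        m = re.match(r'\s*(SSL\w+)\s+"?([^"#]*?)"?\s*$', line)
        if not m:
            continue
        # Directive names are case-insensitive, so normalise them.
        name, value = m.group(1).lower(), m.group(2)
        leg = "outbound" if name.startswith("sslproxy") else "inbound"
        legs[leg][name] = value
    return legs

def review(legs):
    """Return plain-text notes on what each leg demands or skips."""
    notes = []
    inbound, outbound = legs["inbound"], legs["outbound"]
    if inbound.get("sslverifyclient", "").lower() == "require":
        notes.append("inbound: every client connecting to httpd must present a certificate")
    for check in ("sslproxycheckpeercn", "sslproxycheckpeername", "sslproxycheckpeerexpire"):
        if outbound.get(check, "").lower() == "off":
            notes.append(f"outbound: {check} is off, backend certificate check disabled")
    if "sslproxymachinecertificatefile" not in outbound:
        notes.append("outbound: no client certificate configured for the backend connection")
    return notes

if __name__ == "__main__":
    for note in review(split_mtls_directives(SAMPLE_CONF)):
        print(note)
```
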