Hi Frank,
My vhost looks as below. Is anything set incorrectly? I do have a proxy.conf file
but nothing related to SSL is set in there. I will test apachectl -S and share
the result with you.
<VirtualHost _default_:PORT>
SSLEngine on
ProxyRequests Off
RewriteEngine on
SSLProxyEngine on
SSLProxyVerify on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLVerifyCLient require
SSLVerifyDepth 10
SSLProxyVerifyDepth 10
SSLOptions +ExportCertData
SSLProxyMachineCertificateFile "/path/to/certs/Appcert.pem"
SSLProxyCACertificateFile "/path/to/certs/trustedca.pem"
SSLCertificateFile "/path/to/hostname.crt"
SSLCertificateKeyFile "/path/to/hostname.key"
SSLCertificateChainFile "/path/to/hostname.crt"
SSLCACertificateFile "/path/to/trustedca.pem"
SSLProtocol -All +TLSv1.2 +TLSv1.1
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
Regards,
Devendra
From: Frank Gingras <[email protected]>
Sent: Thursday, April 18, 2024 7:19 PM
To: [email protected]
Subject: Re: [users@httpd] MTLS Setup issue - Apache HTTP Server and Weblogic
On Thu, Apr 18, 2024 at 3:22 AM Daiya, Devendra singh
<[email protected]>
wrote:
Hi Team,
Need help in setting up MTLS between Apache HTTP server and Weblogic server
(App Server).
I have gone through a few links but those are not working. After following the
suggested steps I was able to start Apache HTTP server, but the application is not
working. Getting the below messages in the Error while accessing the application.
Could anyone please look at it and share some suggestions on how we should set up
MTLS b/w Web and App server? Please let me know if any additional info is needed.
Error message: -
"message" : "AH02645: Server name not provided via TLS extension (using
default/first virtual host)" , "referer" : },
"message" : "AH02008: SSL library error 1 in handshake (server hostname:port)"
, "referer" : }
"message" : "SSL Library Error: error:1417C0C7:SSL
routines:tls_process_client_certificate:peer did not return a certificate -- No
CAs known to server for verification?" , "referer" : }
"message" : "AH01998: Connection closed to child 138 with abortive shutdown
(server hostname:port , "referer" : }
"message" : "AH01964: Connection to child 24 established (server
hostname:port)" , "referer" : }
"message" : "AH02645: Server name not provided via TLS extension (using
default/first virtual host)" , "referer" : }
"message" : "AH02008: SSL library error 1 in handshake (server hostname:port)"
, "referer" : }
"message" : "SSL Library Error: error:1417C0C7:SSL
routines:tls_process_client_certificate:peer did not return a certificate -- No
CAs known to server for verification?" , "referer" : }
SSL.conf file has below directives set.
SSLEngine on
ProxyRequests Off
RewriteEngine on
SSLProxyEngine on
SSLProxyVerify on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLVerifyCLient require
SSLVerifyDepth 10
SSLProxyVerifyDepth 10
SSLOptions +ExportCertData
SSLProxyMachineCertificateFile "/apps/certs/Appcert.pem"
SSLProxyCACertificateFile "/apps/certs/trustedca.pem"
SSLCertificateFile "/path/to/hostname.crt"
SSLCertificateKeyFile "/path/to/hostname.key"
SSLCertificateChainFile "/path/to/hostname.crt"
SSLCACertificateFile "/path/to/trustedca.pem"
Thanks.
Regards,
Devendra
Rough guess:
http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost
Otherwise, we would need to see the full vhost.
Might be worth running apachectl -S to make sure you don't have misconfigured /
overlapping vhosts, as well.
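
Added example (not part of the thread and not either poster's configuration): the vhost above with its two TLS legs separated. In mod_ssl, SSLVerifyClient and SSLCACertificateFile apply to clients connecting to Apache, which is the side where OpenSSL's tls_process_client_certificate runs, while the SSLProxy* directives apply to the connection Apache opens to the backend. The port, ServerName and backend URL are hypothetical; the file paths are the placeholders from the posted vhost.

```apache
# Added example. Port, host names and backend URL are hypothetical
# placeholders; file paths reuse the placeholders from the posted vhost.
<VirtualHost _default_:443>
    ServerName web.example.internal

    # Inbound leg: clients -> Apache (Apache is the TLS server).
    SSLEngine on
    # TLSv1.1 from the posted config is dropped here.
    SSLProtocol -all +TLSv1.2
    SSLCertificateFile    "/path/to/hostname.crt"
    SSLCertificateKeyFile "/path/to/hostname.key"
    # "require" makes Apache abort the handshake for any client (browser,
    # load balancer, health check) that presents no certificate issued
    # under SSLCACertificateFile. Use "none" if only the hop from Apache
    # to WebLogic is meant to be mutually authenticated.
    SSLVerifyClient require
    SSLVerifyDepth  10
    SSLCACertificateFile "/path/to/trustedca.pem"

    # Outbound leg: Apache -> WebLogic (Apache is the TLS client).
    ProxyRequests Off
    SSLProxyEngine on
    # PEM file holding the client certificate and its unencrypted private
    # key; this is what Apache presents to WebLogic.
    SSLProxyMachineCertificateFile "/path/to/certs/Appcert.pem"
    # CA(s) that issued the WebLogic server certificate.
    SSLProxyCACertificateFile "/path/to/certs/trustedca.pem"
    # Require a WebLogic server certificate that chains to that CA.
    SSLProxyVerify      require
    SSLProxyVerifyDepth 10
    # The posted config turns the peer checks off, which accepts a backend
    # certificate issued for another name or past its expiry date.
    # SSLProxyCheckPeerName supersedes SSLProxyCheckPeerCN in httpd 2.4.5+.
    SSLProxyCheckPeerName   on
    SSLProxyCheckPeerExpire on

    ProxyPass        "/" "https://weblogic.example.internal:7002/"
    ProxyPassReverse "/" "https://weblogic.example.internal:7002/"
</VirtualHost>
```

With SSLProxyCheckPeerName on, the host name in the ProxyPass URL has to match a name in the WebLogic server certificate.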