httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abdelouahed Haitoute <>
Subject [users@httpd] Selecting SSLProxyMachineCertificateFile based on destination address
Date Mon, 23 Mar 2015 19:01:39 GMT

I’m trying to setup a proxy server which selects the correct certificate based on destination
IP-address. I’m using apache 2.4 on CentOS 6.6.

I’m using the following configuration:

<VirtualHost *:3128>
  SSLProxyEngine On
  SSLProxyVerify require
  SSLProxyVerifyDepth 10
  <If "%{REMOTE_ADDR} -ipmatch ''">
    SSLProxyMachineCertificateFile /etc/pki/tls/certs/
    SSLProxyCACertificateFile	   /etc/pki/tls/certs/ca.cer
    SSLProxyMachineCertificateFile /etc/pki/tls/certs/
    SSLProxyCACertificateFile	   /etc/pki/tls/certs/ca.cer

  RewriteEngine On
  RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [NC,P]

  ProxyPreserveHost On
  ProxyPass            /  https://$1/
  ProxyPassReverse     /  https://$1/ <https://$1/>

But I’m getting the following error when I start the httpd service:
Starting httpd: AH00526: Syntax error on line 8 of /opt/rh/httpd24/root/etc/httpd/conf.d/forward_ssl_proxy.conf:
SSLProxyMachineCertificateFile not allowed here

Can someone help me how to achieve my goal by using the correct certificate based on destination

With kind regards,

View raw message