httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <wr...@rowe-clan.net>
Subject Re: [users@httpd] Apache as a Mutual SSL enabled Forward Proxy
Date Thu, 24 May 2018 20:00:41 GMT
Your next thing to test, from a vanilla/completely reset browser, would be
to load up these corresponding cert+key and ca chain files into that blank
slate, and ensure that these credentials actually work against your backend;

*  SSLProxyMachineCertificateFile
D:\sys-projects\aaa\Apache24\Apache24\security\key-client.pem*
*  SSLProxyCACertificateFile
D:\sys-projects\aaa\Apache24\Apache24\security\server.pem*

Also drop your proxy server's log level to debug and discover what it has
to say.

On Thu, May 24, 2018 at 2:42 AM, eranda rajapaksha <erandacr@gmail.com>
wrote:

> Hi all,
>
> Im trying to configure Apache http server as a forward proxy with mutual
> ssl enabled. Following is the setup,
>
> [HTTP client] ----------> [Apache Http Server]----------->[Web Server]
>
> I need to enable Mutual SSL between  Apache Http Server, Web Server.
> Following is the proxy I have configured. It works fine when connecting
> other internet web servers.
>
> *Listen 3128*
>
> *<VirtualHost *:3128>*
> *  ProxyRequests On*
> *  SSLProxyEngine On*
> *  SSLVerifyClient require*
> *  SSLVerifyDepth  10*
>
> *  SSLProxyMachineCertificateFile
> D:\sys-projects\aaa\Apache24\Apache24\security\key-client.pem*
> *  SSLProxyCACertificateFile
> D:\sys-projects\aaa\Apache24\Apache24\security\server.pem*
>
> *</VirtualHost>  *
>
>
> I have tested connecting client directly to the Web server bypassing
> Apache Forward proxy and it works fine. But when it tries to connect
> through Apache server I'm getting following error on clients end,
>
> *java.io.IOException: Unable to tunnel through proxy. Proxy returns
> "HTTP/1.1 403 Proxy Error"*
>
> Even if I just enable one way SSL, the behavior is the same. Am I not
> importing the Server cert correctly into Apache? Or is there other
> configuration issue in my setup.
>
> Please help me on this.
>
>
> Thanks,
> --
> *Eranda Rajapakshe*
> Computer Science and Engineering Undergraduate,
> University of Moratuwa.
> Tel : +94784822608
> Email : erandacr@gmail.com <erandac@wso2.com>
>

Mime
View raw message