Never heard of mutual ssl enabled before. What is the use case for this setup?
Would it work for having Nginx SSL offloading to Apache? Any docs?
On 05/24/18 10:00 PM, William A Rowe Jr wrote:
Your next thing to test, from a vanilla/completely reset browser, would beto load up these corresponding cert+key and ca chain files into that blankslate, and ensure that these credentials actually work against your backend;
pache24\security\key-client.pe mSSLProxyCACertificateFile D:\sys-projects\aaa\Apache24\A pache24\security\server.pem
Also drop your proxy server's log level to debug and discover what it has to say.
On Thu, May 24, 2018 at 2:42 AM, eranda rajapaksha <erandacr@xxxxxxxxx> wrote:
Im trying to configure Apache http server as a forward proxy with mutual ssl enabled. Following is the setup,
[HTTP client] ----------> [Apache Http Server]----------->[Web Server]
I need to enable Mutual SSL between Apache Http Server, Web Server. Following is the proxy I have configured. It works fine when connecting other internet web servers.
Listen 3128<VirtualHost *:3128>ProxyRequests OnSSLProxyEngine OnSSLVerifyClient requireSSLVerifyDepth 10SSLProxyMachineCertificateFile D:\sys-projects\aaa\Apache24\A
pache24\security\key-client.pe mSSLProxyCACertificateFile D:\sys-projects\aaa\Apache24\A pache24\security\server.pem</VirtualHost>
I have tested connecting client directly to the Web server bypassing Apache Forward proxy and it works fine. But when it tries to connect through Apache server I'm getting following error on clients end,
java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 403 Proxy Error"
Even if I just enable one way SSL, the behavior is the same. Am I not importing the Server cert correctly into Apache? Or is there other configuration issue in my setup.
Please help me on this.