httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Claudio Campetto" <ccampe...@sogei.it>
Subject Apache 2.0.39 SSLProxy - can't authenticate to a remote server
Date Fri, 23 Aug 2002 15:15:19 GMT
Hello,
I'm trying to configure apache as a SSL reverse proxy (i.e. http from
browser to apache and https from apache to the remote server); everything
works fine if no client authentication is required by the server. When I
turn on client autentication on the server, the apache proxy process serving
the request get a segmentation fault. I've read the documentation that comes
with apache2, but the SSLProxy directives are not so clear to understand.
For example, in order to authenticate to a server, a proxy needs a key pair
(and a certificate, of course) but no directive is available to specify a
key; I tried SSLCertificateFile and SSLCertificateKeyFile but these are only
used if SSLEngine is on, which provokes the proxy speak SSL to clients, and
doesn't resolve the problem anyway. If SSLEngine is off, apache doesn't even
ask for the key file password. Here is the relevant section of the
configuration file:

<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

##
## SSL Virtual Host Context
##


<VirtualHost _default_:80>
ServerName claudio.sogei.it:80
SSLProxyEngine on
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/client.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/client.key
ProxyRequests On
ProxyPass / https://ccampetto1.sogei.it/
SSLProxyMachineCertificateFile
/usr/local/apache2/conf/ssl.crt/clientcertkey.crt
</VirtualHost>

</IfDefine>

Maybe I missed something. Can anybody enligthen me?
Thanks in advance.
Claudio Campetto.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message