httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sarris Overbosch" <soverbo...@lycos.nl>
Subject [users@httpd] Apache proxy as client to SSL server
Date Thu, 31 Mar 2005 09:44:03 GMT
<html><head><style type="text/css">body{font:12px Arial;margin:3px;overflow-y:auto;overflow-x:auto}p{margin:0px;}blockquote,
ol, ul{margin-top:0px;margin-bottom:0px;}</style></head>

<body><div style="display: block; font-family: Arial; font-size: 12px;">Hi,<br>
<br>
At this moment we are using a apache configured as proxy to another
secure apache server, but now for security reasons only https is not
enough. We must now use certificates.<br>
<br>
In my mind this means our apache proxy is the client to the secure
server and thus needs a client certificate, I tried to configure this
in apache <br>
<br>
(snippet from httpd.conf)<br>
 .<br>
&nbsp;&nbsp;&nbsp; SSLProxyEngine On<br>
&nbsp;&nbsp;&nbsp; SSLProxyMachineCertificateFile ssl/client.crt<br>
 ..<br>
<br>
When I try to start the apache server then the following message appears in the error log:<br>
<br>
[Thu Mar 31 10:50:07 2005] [info] Init: Initializing OpenSSL library<br>
[Thu Mar 31 10:50:07 2005] [info] Init: Seeding PRNG with 0 bytes of entropy<br>
[Thu Mar 31 10:50:07 2005] [info] Loading certificate &amp; private key of SSL-aware server<br>
[Thu Mar 31 10:50:07 2005] [info] Init: Generating temporary RSA private keys (512/1024 bits)<br>
[Thu Mar 31 10:50:09 2005] [info] Init: Generating temporary DH parameters (512/1024 bits)<br>
[Thu Mar 31 10:50:09 2005] [info] Init: Initializing (virtual) servers for SSL<br>
[Thu Mar 31 10:50:09 2005] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols:
SSLv2, SSLv3, TLSv1)<br>
incomplete client cert configured for SSL proxy (missing or encrypted private key?)<br>
<br>
Does somebody know how to solve this problem or have a complete
procedure for installing a client certificate in Apache (preferrable
also how to create the client certificate)<br>
<br>
Br,<br>
<br>
Sarris Overbosch<br></br><p style="margin-top:11px;padding-top:3px;background-image:
url(http://mail.lycos.co.uk/Images/Mail/_content/dot.gif);background-repeat: repeat-x;background-position:
0px 0px;"><a href="http://www.yourprint.canon-europe.com/index.html">Printer kiezen?
Overtuig uzelf! Wij zijn zo overtuigd over de kwaliteit van onze Canon printers dat wij u
de mogelijkheid bieden deze GRATIS te proberen.</A></div></body></html>



Mime
View raw message