Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 30650 invoked from network); 22 Dec 2006 10:46:59 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 22 Dec 2006 10:46:59 -0000 Received: (qmail 11079 invoked by uid 500); 22 Dec 2006 10:46:59 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 10484 invoked by uid 500); 22 Dec 2006 10:46:55 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 10468 invoked by uid 99); 22 Dec 2006 10:46:55 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 22 Dec 2006 02:46:55 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: local policy) Received: from [217.172.183.179] (HELO mail.llbc.de) (217.172.183.179) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 22 Dec 2006 02:46:45 -0800 Received: from static-ip-217-172-183-179.inaddr.intergenia.de ([217.172.183.179] helo=[127.0.0.1]) by mail.llbc.de with esmtpa (Exim 4.50) id 1Gxi2c-0007iZ-Oa for users@httpd.apache.org; Fri, 22 Dec 2006 11:54:18 +0100 Message-ID: <458BB77B.8010905@llbc.de> Date: Fri, 22 Dec 2006 11:46:19 +0100 From: Christian Gottschalch User-Agent: Thunderbird 1.5.0.9 (Windows/20061207) MIME-Version: 1.0 To: users@httpd.apache.org References: In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] httpd 2.2.3 as an SSL proxy with a client certificate fails on connect reason is "no acceptable CA list", which may mean, that your ReverseProxy dosent trust the CA bound at server:443 read http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslproxycacertificatefile Regards > The certificate file is fine. When I perform a get operation from the > proxy server itself (using a browser), it asks me to present the > certificate. Upon presenting it, I can connect successfully. > I'll try to clarify on the architecture here: > > We have a client app which does not speak SSL. We have configured a > virtual host on the proxy server to (reverse) proxy requests to the > SSL-only server, then configured the client certificate. > > Client (http) => proxy:8443 (https) => server:443 > > This configuration worked for a few months, then suddenly stopped working� > > Appreciate any help > > Shai > > > > why do you use HTTPS in Backend, it looks like the backend System also > > needs client certificate authentication, there may be something wrong > > with your SSLProxyMachineCertificateFile ? try to send a wget request to > > the remote server and use SSLProxyMachineCertificateFile, dose wget get > > authorized at the remote system ? > > > > regards > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org