httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Krist van Besien <>
Subject Re: [users@httpd] Reverse proxy from HTTP to HTTPS or HTTPS to HTTPS how?
Date Tue, 31 Mar 2009 11:16:42 GMT
On Tue, Mar 31, 2009 at 12:35 PM, <> wrote:

> I know how to create a reverse proxy for HTTP -> HTTP, but i don't know
> how to do it for HTTP to HTTPS. I know there is a SSLProxyengine that i
> should activate, but probably i need to do more than these to get
> working this.

You need to enable Apache as an SSL client. This is what I wrote about
on this list last year:

Apache can't proxy to https urls out of the box. You need to do some work.

you need to add the following to your config.

# turn on SSL proxying.
SSLProxyEngine On

# to tell Apache where to find CA certificates to check remote server
certificates with:
# (You can choose yourself where you put these certificates)
SSLProxyCACertificatePath /path/to/ca/certificates.

Then in this path you need to put the CA certificate(s) used to sign
the certificate(s) used by the server(s) you communicate with. If you
want to talk to a server that uses a "self signed" certificate you
will need to put it in this dir too.

Once you've done that you need to run c_rehash in that directory.
c_rehash is part of a standard openssl distribution. c_rehash creates
hashed aliases in this dir. Apache needs these.

In order to test if everything is there you can do the following:

openssl s_client -CApath /path/to/ca/certificates -connect remoteserver:8443

if the conenction succeeds just try to do a
GET /abc/

and see if you get something. If this test is succesfull apache should work too.


Bremgarten b. Bern, Switzerland
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message