httpd-users mailing list archives

From Nicolas Cros <nicolas.c...@gmail.com>
Subject [users@httpd] SSLProxyEngine, no client certificate found
Date Tue, 16 Jun 2009 06:49:35 GMT
Hello!

I want to set up a proxy, allowing my internal hosts to connect to
external https servers (which force client authentication by using a
certificate).

	[ internal hosts ]-----http---->[ apache proxy ] ------https---->[external https server]

External servers restrict connections from clients which are
authenticated by a client certificate (certified by the same CA).

Excerpt of my .conf:

# TEST
ProxyPass               /proxy/TEST/    https://laposte.net
ProxyPassReverse        /proxy/TEST/    https://laposte.net

SSLProxyEngine on
SSLCipherSuite RC4:MD5
SSLProxyCACertificateFile       /etc/httpd/conf/ssl/ca-bundle.crt
SSLProxyMachineCertificateFile  /etc/httpd/conf/ssl/SSLproxy.pem
SSLProxyVerifyDepth             10
SSLProxyVerify                  none

</VirtualHost>

I try to connect to 2 servers with similar configuration (same CA
used, both requiring client auth, ... so AFAIK, my proxy will use the
same client certificate):

One connection is successful, as I can see in my debug httpd log file:

[debug] ssl_engine_kernel.c(1499): Proxy client certificate callback: (myproxy:443) found acceptable cert, sending /C=XX/ST=CITY/L=Port/O=ORGANIZATION/OU=31/CN=myCN/emailAddress=myemail


The other one is not:

[debug] ssl_engine_kernel.c(1571): Proxy client certificate callback: (myproxy:443) no client certificate found!?

I wonder how client certificates are chosen? Any thoughts?

Thanks in advance

--
Nicolas Cros
Do you know the cobbler's house?
It is here: http://barsa.free.fr
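
Added example, not part of the original message and not mod_ssl code: a Python sketch for telling the two log outcomes above apart. It assumes the proxy sends the first certificate from SSLProxyMachineCertificateFile whose issuer DN appears in the acceptable-CA list of the server's certificate request (or the first certificate when that list is empty); the `openssl s_client` excerpts and all DNs are constructed samples.

```python
import re

HEADER = "Acceptable client certificate CA names"
FIELD = re.compile(r"^[A-Za-z ]+: ")  # e.g. "Client Certificate Types: RSA sign"

def acceptable_cas(s_client_output):
    """Return the CA DNs listed in the server's certificate request."""
    names, in_section = [], False
    for line in s_client_output.splitlines():
        line = line.strip()
        if line == HEADER:
            in_section = True
        elif in_section:
            if not line or line == "---" or FIELD.match(line):
                break
            names.append(line)
    return names

def pick_client_cert(certs, ca_names):
    """certs: (subject, issuer) pairs in file order. Assumed selection rule."""
    if not ca_names:              # server sent no CA list: first cert is used
        return certs[0] if certs else None
    for ca in ca_names:           # otherwise the issuer DN must match exactly
        for cert in certs:
            if cert[1] == ca:
                return cert
    return None                   # corresponds to "no client certificate found!?"

# Constructed samples: DNs and s_client excerpts are invented for illustration.
ISSUER = "/C=XX/O=ORGANIZATION/CN=Example Issuing CA"
CERTS = [("/C=XX/O=ORGANIZATION/OU=31/CN=myCN", ISSUER)]
SERVER_A = f"""---
Acceptable client certificate CA names
{ISSUER}
Client Certificate Types: RSA sign, DSA sign
---"""
SERVER_B = """---
Acceptable client certificate CA names
/C=XX/O=ORGANIZATION/CN=Example Root CA
Client Certificate Types: RSA sign, DSA sign
---"""
SERVER_C = "---\nNo client certificate CA names sent\n---"

if __name__ == "__main__":
    for name, out in [("A", SERVER_A), ("B", SERVER_B), ("C", SERVER_C)]:
        cas = acceptable_cas(out)
        print(name, cas, "->", pick_client_cert(CERTS, cas))
```

Running `openssl s_client -connect host:443` against each external server and comparing the listed names with the issuer of the certificate in SSLProxyMachineCertificateFile shows which case applies.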

