httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Li Run <Run...@gemalto.com>
Subject [users@httpd] help on ssl configuration of forward proxy
Date Wed, 26 Mar 2014 08:37:40 GMT
Hi,

I'm trying to configure my apache server to be a forward proxy. And I tried to invoke some
webservices with the server as a proxy.
When the webservice endpoint is in HTTP, like http://10.151.124.98:24101/TestServiceCert/TestWebServiceCert,
then the client can work fine with the proxy specified.
But when the ws endpoint url is in HTTPS, https://paf.test.gemalto.com:24111/TestService/TestWebService,
the client will give out error:
<Error> <Net> <BEA-000903> <Failed to communicate with proxy: gugong/8088.
Will try connection paf.test.gemalto.com/24111 now.
java.net.ProtocolException: Unrecognized response from SSL proxy: 'HTTP/1.1 403 Forbidden'
    at weblogic.net.http.HttpsClient.makeConnectionUsingProxy(HttpsClient.java:458)
    at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:351)
    at weblogic.net.http.HttpsClient.New(HttpsClient.java:527)
    at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:239)
    at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:136)
    at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:187)
    at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:124)
...

Here is my configuration:
Listen 10.151.124.98:8088

<VirtualHost 10.151.124.98:8088>

ServerName mmog.test

AllowCONNECT  8088
  ProxyRequests On
ProxyVia      on

SSLProxyEngine on

#SSLVerifyClient require
#SSLVerifyClient optional_no_ca
#SSLVerifyClient none

SSLProxyVerify require
SSLProxyVerifyDepth 10

<Proxy *>
     Order Deny,Allow
     Allow from all
</Proxy>


LogLevel debug

#SSLProxyMachineCertificateFile /product/gemalto/MMOG_PAF_FP/keystore/test.pem

SSLCertificateFile /product/gemalto/MMOG_PAF_FP/keystore/test/public.cer
SSLCertificateKeyFile /product/gemalto/MMOG_PAF_FP/keystore/test/private1.key

SSLProxyMachineCertificateFile /product/gemalto/MMOG_PAF_FP/keystore/test/test.pem

SSLProxyCACertificateFile /product/gemalto/MMOG_PAF_FP/keystore/AdminCA.pem
</VirtualHost>


And I see this line in the proxy server log when starting:

[warn] no client certs found for SSL proxy


Anybody can help?
Thanks.

BR,
Li Run

________________________________
This message and any attachments are intended solely for the addressees and may contain confidential
information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if
altered, changed or falsified. If you are not the intended recipient of this message, please
delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses,
the sender will not be liable for damages caused by a transmitted virus

Mime
View raw message