httpd-users mailing list archives

From fabio.schm...@4linux.com.br
Subject Re: [users@httpd] HTTPS Proxy with Apache
Date Mon, 14 Jul 2014 13:01:33 GMT
Hi Jeff, thanks for the answer! Yes, I'm trying to perform that common scenario as you said.
When the connection fails I got the message "Server should be SSL-aware but has no certificate
configured [Hint: SSLCertificateFile]".

I'll check the port on which Citrix is listening and I do realize now that I have forgotten
to include the certificate in Apache!

Regards,
Fabio S. Schmidt
Senior Technical Consultant
4linux - Open Software Specialists
http://www.4linux.com.br

----- Original Message -----

From: "Jeff Trawick" <trawick@gmail.com> 
To: users@httpd.apache.org 
Sent: Saturday, 12 July, 2014 6:27:11 PM 
Subject: Re: [users@httpd] HTTPS Proxy with Apache 

On Thu, Jul 10, 2014 at 6:35 PM, < fabio.schmidt@4linux.com.br > wrote: 



Hi!

I'm trying to use Apache 2.2 to proxy connections to a server that only listens with HTTPS
(Citrix Secure Gateway, to be more precise) and keep the connection encrypted. I've already
enabled the proxy, proxy_http and proxy_connect modules but when I access through my Apache
server I got the message "ERR_SSL_PROTOCOL_ERROR". 




Why proxy_connect? 

Are you trying to perform this common scenario? 

client <--- HTTP over SSL/TLS ---> httpd <--- HTTP over SSL/TLS ---> Citrix? 

Does the client specify the hostname of httpd AND httpd has a certificate for that hostname?



<blockquote>

What am I misunderstanding? If someone could explain to me the correct way to achieve a
proxy with an HTTPS>HTTPS connection, I would really appreciate it!

Here is my configuration: 

<VirtualHost *:443> 
SSLEngine ON 
SSLProxyEngine ON 
ProxyPass / https://IP_OF_THE_CITRIX_SERVER/ 
ProxyPassReverse / https://IP_OF_THE_CITRIX_SERVER/ 
LogLevel debug 
ErrorLog /var/log/apache2/citrix-ssl-error.log 
TransferLog /var/log/apache2/citrix-ssl-access.log 
</VirtualHost> 


</blockquote>


Isn't ERR_SSL_PROTOCOL error displayed by Chrome for an error connecting to port 443 (i.e.,
nothing to do with the backend proxy connection)? 

Where's your certificate for client connections to port 443? 

This is the only VirtualHost for port 443 in your config, right? 

What is in /var/log/apache2/citrix-ssl-error.log when you fail to connect with a browser?


<blockquote>

Regards,
Fabio S. Schmidt
Senior Technical Consultant
4linux - Open Software Specialists
http://www.4linux.com.br



</blockquote>




-- 
Born in Roswell... married an alien... 
http://emptyhammock.com/ 
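
The fix this thread arrives at, written out as an added example (not part of the original messages and not the poster's final configuration): the posted VirtualHost next to a version that carries a certificate for client connections on port 443. The ServerName and all certificate paths are assumed placeholders; IP_OF_THE_CITRIX_SERVER is the poster's own placeholder.

```apache
# As posted: SSLEngine is on but the vhost names no certificate, which is what
# produces "Server should be SSL-aware but has no certificate configured
# [Hint: SSLCertificateFile]" in the error log.
#
# <VirtualHost *:443>
#     SSLEngine ON
#     SSLProxyEngine ON
#     ProxyPass / https://IP_OF_THE_CITRIX_SERVER/
#     ProxyPassReverse / https://IP_OF_THE_CITRIX_SERVER/
# </VirtualHost>

# Corrected (Apache 2.2 syntax). Needs mod_ssl, mod_proxy and mod_proxy_http.
# mod_proxy_connect is not involved: it handles the CONNECT method of a
# forward proxy, not a reverse proxy to an https:// backend.
<VirtualHost *:443>
    # Placeholder: the hostname clients type, which the certificate must match.
    ServerName proxy.example.com

    # Client side: browser <-> httpd
    SSLEngine On
    # Placeholder paths for the certificate and private key of ServerName.
    SSLCertificateFile    /etc/apache2/ssl/proxy.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/proxy.example.com.key
    # Only if the CA issued through an intermediate (placeholder path):
    # SSLCertificateChainFile /etc/apache2/ssl/intermediate-chain.crt

    # Backend side: httpd <-> Citrix, also over TLS
    SSLProxyEngine On
    ProxyPass        / https://IP_OF_THE_CITRIX_SERVER/
    ProxyPassReverse / https://IP_OF_THE_CITRIX_SERVER/

    # Not raised in the thread: SSLProxyVerify defaults to "none", so the
    # backend certificate is encrypted-to but not authenticated. To require a
    # certificate chaining to a known CA (placeholder path):
    # SSLProxyVerify require
    # SSLProxyCACertificateFile /etc/apache2/ssl/citrix-backend-ca.crt

    LogLevel debug
    ErrorLog    /var/log/apache2/citrix-ssl-error.log
    TransferLog /var/log/apache2/citrix-ssl-access.log
</VirtualHost>
```

Run `apachectl configtest` before restarting, then repeat the browser test while watching the ErrorLog named above.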


