httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marat Khalili <...@rqc.ru>
Subject Re: [users@httpd] Apache 2.4: Proxy certificate configuration question
Date Thu, 04 May 2017 13:29:19 GMT
Sorry, haven't configured it this way; probably someone who did will 
help. I can only advise you to look into SSLProxyMachineCertificatePath, 
maybe you could use that.


--

With Best Regards,
Marat Khalili

On 04/05/17 14:54, Markus Gausling wrote:
> Thanks for response.
>
> Maybe I did not make it clear but I need to have the certificates for the
> authentication between HTTP Proxy and WebServer. So HTTP Proxy shall
> authenticate WebServer and vice versa with the client certificate and
> the secret key.
>
> The clients that use the HTTP Proxy shall not be involved here and
> authentication shall be handled completely between HTTP Proxy and remote
> WebServer.
>
> Basically I have configured the HTTP Proxy using
> SSLProxyMachineCertificateFile and it is working fine. The problem I have
> is that I have certificate and key as two separate files and so I
> always have to combine them into one (and rewrite key BEGIN and END to add
> RSA).
>
> ​Regards
> Markus Gausling​
>
>
> 2017-05-04 12:54 GMT+02:00 Marat Khalili <mkh@rqc.ru <mailto:mkh@rqc.ru>>:
>
>     You configure certificates of your proxy server exactly the same
>     way as for web server, using SSLCertificateFile,
>     SSLCertificateKeyFile and possibly SSLCertificateChainFile. Most
>     likely you don't need SSLProxyMachineCertificateFile (it
>     configures _client_ certificate of your server before other servers).
>
>
>     --
>
>     With Best Regards,
>     Marat Khalili
>
>     On 03/05/17 18:11, Markus Gausling wrote:
>>     Hello,
>>
>>     when Apache is configured as a WebServer I can configure the private
>>     key and the certificate of the server separately using
>>     SSLCertificateFile and SSLCertificateKeyFile.
>>
>>     When configuring Apache as an HTTP Proxy (Reverse Proxy or Forward
>>     Proxy) it seems I can only configure the proxy private key and
>>     certificate if they are combined into a single PEM file with
>>     SSLProxyMachineCertificateFile.
>>
>>     Is that understanding corrector is there also a way to defined
>>     key and
>>     certificate for an HTTP Proxy configuration separately?
>>
>>     Regards
>>     Markus
>
>


Mime
View raw message