httpd-users mailing list archives

From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] Mutual authentication between Apache HTTP server and an application server.
Date Sun, 11 Feb 2018 17:52:11 GMT
On Sun, Feb 11, 2018 at 12:47 PM, Naveen Nandyala - Vendor <
Naveen.Nandyala@walmart.com> wrote:

> Hi,
>
> I’m using Apache HTTP server as a webserver and Websphere
> application server as an Application server. Apache is using Proxy to
> redirect requests from Apache to Websphere. On my websphere side security
> is enabled, and it's looking for mutual authentication. Could you please
> help me with where I can add my Application server’s root certificate on
> Apache end?
>
> Could you please let me know how can I add websphere
> certificate in my Apache. I’ve tried using
> “SSLProxyMachineCertificateFile” and “SSLProxyMachineCertificatePath”
> which points to Websphere application server certificate. But it's not
> working and I’m getting below error.
>

That's the right way to specify a client certificate.  But it shouldn't be
"websphere's certificate"; it should be a certificate that identifies your
webserver and is trusted by your application server.

> [Sat Feb 10 19:34:38.426645 2018] [ssl:warn] [pid 60369:tid
> 140460446177024] AH02268: Proxy client certificate callback: (XXXXX:443)
> downstream server wanted client certificate but none are configured
>
Was SSLProxyMachineCertificateFile set? Did it have a key and a cert in it?

> [Sat Feb 10 19:34:38.429477 2018] [proxy_http:error] [pid 60369:tid
> 140460446177024] (103)Software caused connection abort: [client XXXXXXX]
> AH01102: error reading status line from remote server XXXXXX.
>
> [Sat Feb 10 19:34:38.429523 2018] [proxy:error] [pid 60369:tid
> 140460446177024] [client XXXXXXXX] AH00898: Error reading from remote
> server returned by /XXXXXXX
>
This is just the abrupt closure of the connection due to WAS not finding a
client certificate.
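
The "did it have a key and a cert in it?" check from the reply above, as an added example that is not part of the original message or of httpd itself. It only inspects PEM block labels (it does not verify that the key matches the certificate or that the application server trusts it); the function name, problem codes and sample strings are constructed for illustration, and the encrypted-key check reflects the mod_ssl documentation's note that this directive does not support encrypted private keys.

```python
import re

# One PEM block; group 1 is the label (e.g. "CERTIFICATE"), group 2 the body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def check_proxy_client_pem(pem_text):
    """Return a list of problem codes for a PEM bundle intended for
    SSLProxyMachineCertificateFile; an empty list means it contains at
    least one certificate and one unencrypted private key."""
    certs = keys = encrypted = 0
    for label, body in PEM_BLOCK.findall(pem_text):
        if label == "CERTIFICATE":
            certs += 1
        elif label.endswith("PRIVATE KEY"):
            # PKCS#8 encrypted keys use their own label; traditional
            # OpenSSL encrypted keys carry a Proc-Type header in the body.
            if label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body:
                encrypted += 1
            else:
                keys += 1
    problems = []
    if certs == 0:
        problems.append("missing-certificate")
    if keys == 0 and encrypted == 0:
        problems.append("missing-private-key")
    if encrypted:
        problems.append("encrypted-private-key")
    return problems

# Constructed sample inputs: the base64 bodies are placeholders, not real
# certificates or keys.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
SAMPLE_ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
                  "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, text in [("cert only", SAMPLE_CERT),
                       ("cert + key", SAMPLE_CERT + SAMPLE_KEY),
                       ("cert + encrypted key", SAMPLE_CERT + SAMPLE_ENC_KEY)]:
        print(name, "->", check_proxy_client_pem(text) or "ok")
```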
