[users@httpd] Mutual authentication between Apache HTTP server and an application server.

Naveen Nandyala - Vendor Sun, 11 Feb 2018 16:31:59 -0800

Thank you Eric,

                I’ve added below values and I see below error message in logs.


[Sun Feb 11 18:26:32.055662 2018] [ssl:error] [pid 43131:tid 140388278904576] 
[remote XXXXX:xxx] AH02039: Certificate Verification: Error (19): self signed 
certificate in certificate chain
[Sun Feb 11 18:26:32.055896 2018] [proxy_http:error] [pid 43131:tid 
140388278904576] (103)Software caused connection abort: [client XXXXX:XXX] 
AH01102: error reading status line from remote server XXXX:xxx
[Sun Feb 11 18:26:32.055921 2018] [proxy:error] [pid 43131:tid 140388278904576] 
[client 10.246.8.176:27615] AH00898: Error reading from remote server returned 
by /xxxx

Values Added ::

SSLProxyEngine on
SSLProxyCACertificateFile /tmp/was.crt
SSLProxyVerify require
SSLProxyVerifyDepth  2

/tmp/was.crt was created as below.

Extracted root certificate from WAS.
Converted .cer file to crt using below command.

openssl x509 -inform PEM -in was.cer -out was.crt


Warm Regards,
Naveen Kumar Reddy N
IBM Middleware WAS-MQ Tower Lead ( WalMart )
Toll Free Number - 866-912-0282(B),855-755-9356(H)
Mail: [email protected]<mailto:[email protected]>
SLACK Channel:: middleware_l2
[cid:[email protected]]
Middleware ServiceNow Service Catalog Task Policy:: 
https://collaboration.wal-mart.com/display/IPSMW/Service+Now+Service+Task+Catalog+Policy
Middleware ServiceNow Change Control Policy :: 
https://collaboration.wal-mart.com/display/IPSMW/Change+Control+Policy
Middleware Customer Page:: 
https://teams.wal-mart.com/sites/Middleware/Customers/Pages/default.aspx

From: Eric Covener [mailto:[email protected]]
Sent: Sunday, February 11, 2018 12:54 PM
To: [email protected]
Subject: EXT: Re: [users@httpd] Mutual authentication between Apache HTTP 
server and an application server.



On Sun, Feb 11, 2018 at 1:50 PM, Naveen Nandyala - Vendor 
<[email protected]<mailto:[email protected]>> wrote:
Yep, I’m looking for trust between my webserver and Appserver w/o client 
authentication.  I’m not worried about trust between my web browser and 
webserver as I’m not looking for that now.

That's just 
https://httpd.apache.org/docs/2.4/en/mod/mod_ssl.html#sslproxycacertificatefile 
pointing to the CA that signed your application server certs.

Emphasis on the "proxy" in these directive names for the backside connection.

[users@httpd] Mutual authentication between Apache HTTP server and an application server.

Reply via email to