Your next thing to test, from a vanilla/completely reset browser, would be to load up these corresponding cert+key and ca chain files into that blank slate, and ensure that these credentials actually work against your backend;
* SSLProxyMachineCertificateFile D:\sys-projects\aaa\Apache24\Apache24\security\key-client.pem* * SSLProxyCACertificateFile D:\sys-projects\aaa\Apache24\Apache24\security\server.pem* Also drop your proxy server's log level to debug and discover what it has to say. On Thu, May 24, 2018 at 2:42 AM, eranda rajapaksha <erand...@gmail.com> wrote: > Hi all, > > Im trying to configure Apache http server as a forward proxy with mutual > ssl enabled. Following is the setup, > > [HTTP client] ----------> [Apache Http Server]----------->[Web Server] > > I need to enable Mutual SSL between Apache Http Server, Web Server. > Following is the proxy I have configured. It works fine when connecting > other internet web servers. > > *Listen 3128* > > *<VirtualHost *:3128>* > * ProxyRequests On* > * SSLProxyEngine On* > * SSLVerifyClient require* > * SSLVerifyDepth 10* > > * SSLProxyMachineCertificateFile > D:\sys-projects\aaa\Apache24\Apache24\security\key-client.pem* > * SSLProxyCACertificateFile > D:\sys-projects\aaa\Apache24\Apache24\security\server.pem* > > *</VirtualHost> * > > > I have tested connecting client directly to the Web server bypassing > Apache Forward proxy and it works fine. But when it tries to connect > through Apache server I'm getting following error on clients end, > > *java.io.IOException: Unable to tunnel through proxy. Proxy returns > "HTTP/1.1 403 Proxy Error"* > > Even if I just enable one way SSL, the behavior is the same. Am I not > importing the Server cert correctly into Apache? Or is there other > configuration issue in my setup. > > Please help me on this. > > > Thanks, > -- > *Eranda Rajapakshe* > Computer Science and Engineering Undergraduate, > University of Moratuwa. > Tel : +94784822608 > Email : erand...@gmail.com <eran...@wso2.com> >
