I was able to get it to work by setting the SSL artifacts at the client's end but not in the Apache server. I thought SSL is applied at Server to Apache and Apache to Client is non-encrypted. So I have to place the certs and keys at the Apache Server.
Is it that the Apache forward proxy is doing just a passthrough and the connection is encrypted from Client to Server?

Thanks,
Eranda

On Wed, May 30, 2018 at 5:57 AM, Miguel González <miguel_3_gonza...@yahoo.es.invalid> wrote:

> Never heard of mutual ssl enabled before. What is the use case for this
> setup?
>
> Would it work for having Nginx SSL offloading to Apache? Any docs?
>
> On 05/24/18 10:00 PM, William A Rowe Jr wrote:
>
> Your next thing to test, from a vanilla/completely reset browser, would be
> to load up these corresponding cert+key and ca chain files into that blank
> slate, and ensure that these credentials actually work against your
> backend;
>
>     SSLProxyMachineCertificateFile D:\sys-projects\aaa\Apache24\Apache24\security\key-client.pem
>     SSLProxyCACertificateFile D:\sys-projects\aaa\Apache24\Apache24\security\server.pem
>
> Also drop your proxy server's log level to debug and discover what it has
> to say.
>
> On Thu, May 24, 2018 at 2:42 AM, eranda rajapaksha <erand...@gmail.com>
> wrote:
>
>> Hi all,
>>
>> I'm trying to configure Apache http server as a forward proxy with mutual
>> ssl enabled. Following is the setup,
>>
>> [HTTP client] ----------> [Apache Http Server]----------->[Web Server]
>>
>> I need to enable Mutual SSL between Apache Http Server, Web Server.
>> Following is the proxy I have configured. It works fine when connecting
>> other internet web servers.
>>
>> Listen 3128
>>
>> <VirtualHost *:3128>
>>     ProxyRequests On
>>     SSLProxyEngine On
>>     SSLVerifyClient require
>>     SSLVerifyDepth 10
>>
>>     SSLProxyMachineCertificateFile D:\sys-projects\aaa\Apache24\Apache24\security\key-client.pem
>>     SSLProxyCACertificateFile D:\sys-projects\aaa\Apache24\Apache24\security\server.pem
>> </VirtualHost>
>>
>> I have tested connecting client directly to the Web server bypassing
>> Apache Forward proxy and it works fine. But when it tries to connect
>> through Apache server I'm getting following error on the client's end,
>>
>> java.io.IOException: Unable to tunnel through proxy. Proxy returns
>> "HTTP/1.1 403 Proxy Error"
>>
>> Even if I just enable one way SSL, the behavior is the same. Am I not
>> importing the Server cert correctly into Apache? Or is there another
>> configuration issue in my setup?
>>
>> Please help me on this.
>>
>> Thanks,
>> --
>> Eranda Rajapakshe
>> Computer Science and Engineering Undergraduate,
>> University of Moratuwa.
>> Tel : +94784822608
>> Email : erand...@gmail.com <eran...@wso2.com>

--
Eranda Rajapakshe
Computer Science and Engineering Undergraduate,
University of Moratuwa.
Tel : +94784822608
Email : erand...@gmail.com <eran...@wso2.com>
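
The two proxy topologies this thread contrasts, as an added example that is not part of any poster's message or configuration: (A) a forward proxy that only tunnels CONNECT, where mutual TLS stays between the client and the web server, and (B) a reverse proxy where httpd itself presents a client certificate to the backend. Host names, ports, the address range and file paths are constructed.

```apache
# Added example; host names, ports, address range and file paths are constructed.

# (A) Forward proxy: an HTTPS client sends "CONNECT host:port" and httpd
#     (mod_proxy_connect) relays the bytes. The TLS handshake, including the
#     client certificate, happens end to end between client and web server,
#     so the SSLProxy* directives play no part in the tunnel.
Listen 3128
<VirtualHost *:3128>
    ProxyRequests On
    # CONNECT is permitted only to the listed ports (default: 443 563).
    AllowCONNECT 443 8443
    # Restrict who may use the proxy; an open forward proxy gets abused.
    <Proxy "*">
        Require ip 192.0.2.0/24
    </Proxy>
    # Verbose logging while troubleshooting, as suggested in the thread.
    LogLevel debug
</VirtualHost>

# (B) Reverse proxy: httpd is the TLS client toward the backend, so this is
#     where the proxy's own certificate and key are configured for mutual TLS.
Listen 8080
<VirtualHost *:8080>
    SSLProxyEngine On
    # PEM file holding the proxy's client certificate and its unencrypted key.
    SSLProxyMachineCertificateFile "conf/security/proxy-client.pem"
    # CA certificate(s) used to verify the backend's server certificate.
    SSLProxyCACertificateFile "conf/security/backend-ca.pem"
    # Fail the request if the backend certificate does not verify or match.
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    ProxyPass        "/" "https://backend.example.internal:8443/"
    ProxyPassReverse "/" "https://backend.example.internal:8443/"
</VirtualHost>
```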