You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Sarris Overbosch <so...@lycos.nl> on 2005/03/31 11:44:03 UTC
[users@httpd] Apache proxy as client to SSL server
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache proxy as client to SSL server
Posted by Joe Orton <jo...@redhat.com>.
On Thu, Mar 31, 2005 at 09:44:03AM +0000, Sarris Overbosch wrote:
> In my mind this means our apache proxy is the client to the secure server
> and thus needs a client certificate, I tried to configure this in apache
>
> (snippet from httpd.conf)
> .
> SSLProxyEngine On
> SSLProxyMachineCertificateFile ssl/client.crt
> ..
>
...
> [Thu Mar 31 10:50:09 2005] [debug] ssl_engine_init.c(405): Creating new
> SSL context (protocols: SSLv2, SSLv3, TLSv1)
> incomplete client cert configured for SSL proxy (missing or encrypted
> private key?)
The "client.crt" file must contain both a client certificate and a
matching *unencrypted* private key. You get this error message if you
configure a client certificate with one half missing.
Regards,
joe
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org