You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by ai...@advalvas.be on 2003/10/15 13:57:03 UTC
[users@httpd] Server certificate verification with reverse SSL proxy
Hello,
I'm trying to set up Apache 2.0 as a reverse proxy. The front-end
of this reverse proxy setup uses HTTP, the back-end uses SSL. The
setup works fine as long as I do not enable the verification of the
back-end server certificate. The back-end server certificate is
signed/issued by a self-signed CA. But apparently mod_ssl/OpenSSL
can not handle that self signed certificate in the certificate chain.
Do any of you have a suggestion on how to resolve this problem?
More details below...
Relevant part of the configuration:
<IfModule mod_proxy.c>
ProxyPass /prefix https://hostname
ProxyPassReverse /prefix https://hostname
SSLProxyEngine on
SSLProxyVerify require
SSLProxyCACertificateFile conf/ssl/backend.crt
</IfModule>
Relevant part of the error_log:
[Wed Oct 15 13:40:36 2003] [error] Certificate Verification: Error
(19): self signed certificate in certificate chain
[Wed Oct 15 13:40:36 2003] [error] (20014)Error string not specified
yet: proxy: request failed to 10.0.203.17:443 (hostname)
thx
--
Kris Verbeeck
kris_verbeeck@fastmail.fm
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org