You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by ai...@advalvas.be on 2003/10/15 13:57:03 UTC

[users@httpd] Server certificate verification with reverse SSL proxy

Hello,

I'm trying to set up Apache 2.0 as a reverse proxy.  The front-end
of this reverse proxy setup uses HTTP, the back-end uses SSL.  The
setup works fine as long as I do not enable the verification of the
back-end server certificate.  The back-end server certificate is
signed/issued by a self-signed CA.  But apparently mod_ssl/OpenSSL
can not handle that self signed certificate in the certificate chain.
Do any of you have a suggestion on how to resolve this problem?
More details below... 

Relevant part of the configuration:

  <IfModule mod_proxy.c>
    ProxyPass        /prefix https://hostname
    ProxyPassReverse /prefix https://hostname
    SSLProxyEngine on
    SSLProxyVerify require 
    SSLProxyCACertificateFile conf/ssl/backend.crt
  </IfModule>

Relevant part of the error_log:

  [Wed Oct 15 13:40:36 2003] [error] Certificate Verification: Error
  (19): self signed certificate in certificate chain
  [Wed Oct 15 13:40:36 2003] [error] (20014)Error string not specified
  yet: proxy: request failed to 10.0.203.17:443 (hostname)

thx
-- 
  Kris Verbeeck
  kris_verbeeck@fastmail.fm

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org