You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by pe uni <pe...@yahoo.com> on 2009/08/25 01:47:41 UTC
[users@httpd] downstream server wanted client certificate but none are configured
I see the following message in the error_log
Proxy client certificate callback: downstream server wanted client certificate but none are configured
I have the following directives in my proxy virtual host...
---------------------------
SSLProxyCACertificateFile /etc/httpd/ssl/CA/CA-bundle.crt
SSLCertificateFile /etc/httpd/ssl/servercerts/server.CRT
SSLCertificateKeyFile /etc/httpd/ssl/servercerts/server.KEY
SSLProxyMachineCertificateFile /etc/httpd/ssl/clientcerts/client.p12
SSLProxyCACertificatePath /etc/httpd/ssl/CA
-------------------------
For some some reason apache is unable to pickup the client certificate and send it to the server.
Please advise.
Regards,
Pe
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] downstream server wanted client certificate but
none are configured
Posted by Eric Covener <co...@gmail.com>.
On Mon, Aug 24, 2009 at 7:47 PM, pe uni<pe...@yahoo.com> wrote:
> I see the following message in the error_log
>
> Proxy client certificate callback: downstream server wanted client certificate but none are configured
>
> I have the following directives in my proxy virtual host...
> ---------------------------
> SSLProxyCACertificateFile /etc/httpd/ssl/CA/CA-bundle.crt
> SSLCertificateFile /etc/httpd/ssl/servercerts/server.CRT
> SSLCertificateKeyFile /etc/httpd/ssl/servercerts/server.KEY
> SSLProxyMachineCertificateFile /etc/httpd/ssl/clientcerts/client.p12
> SSLProxyCACertificatePath /etc/httpd/ssl/CA
> -------------------------
> For some some reason apache is unable to pickup the client certificate and send it to the server.
> Please advise.
> Regards,
> Pe
>
Is PKCS12 legit there? Example has a pem-formatted file -- try splitting yours?
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org