Re: [users@httpd] HTTPS connections via mod_proxy ProxyRemote don't work

[Krist van Besien <kr...@gmail.com>]

On Fri, Dec 4, 2009 at 6:27 AM, Devraj Mukherjee <de...@gmail.com> wrote:

> Any ideas if I need to do something special when using ProxyRemote and HTTPS?

I asume that since your revers proxy does some content mangling that
your clients talk plain http to your proxy?

A few thinks to look at:
- Does your Squid proxy allow the "CONNECT" http method?
- Is apache configured to function as an SSL client?  You need at
least to enable SSLProxyEngine, and define an
SSLProxyCACertificatePath.

In the second case you need to add the following to your config:

# turn on SSL proxying.
SSLProxyEngine On

# to tell Apache where to find CA certificates to check remote server
# certificates with:
# (You can choose yourself where you put these certificates)
SSLProxyCACertificatePath /path/to/ca/certificates.

Then in this path you need to put the CA certificate(s) used to sign
the certificate(s) used by the server(s) you communicate with. If you
want to talk to a server that uses a "self signed" certificate you
will need to put it in this dir too.

Once you've done that you need to run "c_rehash" in that directory.
c_rehash is part of a standard openssl distribution. c_rehash creates
hashed aliases in this dir. Apache needs these.

Krist

-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org