Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: mod_ssl Expired Security Certificate bypass |
|
Author |
|
rsoo
Joined: 19 Jul 2013 Posts: 1 Location: San Diego
|
Posted: Fri 19 Jul '13 20:39 Post subject: mod_ssl Expired Security Certificate bypass |
|
|
Apache 2.2.15
CentOS 6.3
Hi all,
Before I begin, I apologize for any terminology/basic understanding mistakes I may present. I am a novice at Apache servers and all things that come with it.
Some background on my problem: I am developing a data aggregation web app that needs to grab data from various sources. I do so using XMLHttpRequests, but to bypass the Same Origin policy, I set up a proxypass/reverseproxypass to the respective servers that I'm trying to pull data from. These servers use https protocol so I installed mod_ssl onto my Apache server and it worked well, until I ran into a source who's ssl certificate had expired. While I realize an expired certificate should be fixed, I am in no control of that end of the operations and must figure out a work around.
The following is the relevant portion of my Apache error_log:
Code: | [Thu Jul 18 10:02:24 2013] [debug] ssl_engine_kernel.c(1872): OpenSSL: Handshake: done
[Thu Jul 18 10:02:24 2013] [info] Connection: Client IP: [REDACTED], Protocol: TLSv1, Cipher: [REDACTED] (256/256 bits)
[Thu Jul 18 10:02:24 2013] [info] [client [REDACTED]] SSL Proxy: Peer certificate is expired
[Thu Jul 18 10:02:24 2013] [info] [client [REDACTED]] Connection closed to child 0 with abortive shutdown (server localhost.localdomain:80) |
I have searched for the "SSL Proxy: Peer certificate is expired" error code and was linked to the mod_ssl source code where the expiration check is made. I'm thinking that modifying mod_ssl to make it not perform this check would be the best course of action, but I cannot find where these files are located on my CentOS machine.
If anyone has experienced this problem or have any advice/tips/suggestions, they are greatly welcomed.
Thank you for taking the time to read this post, anything is appreciated!
- Ryan |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
|
Posted: Sat 20 Jul '13 16:46 Post subject: |
|
|
you can turn that warning off
SSLProxyCheckPeerExpire off
That warning is because the backend proxy ssl certificate is not valid. Expired or selfmade certificate. |
|
Back to top |
|
|
|
|
|
|