logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: mod_ssl Expired Security Certificate bypass
Author
rsoo



Joined: 19 Jul 2013
Posts: 1
Location: San Diego

PostPosted: Fri 19 Jul '13 20:39    Post subject: mod_ssl Expired Security Certificate bypass Reply with quote

Apache 2.2.15
CentOS 6.3

Hi all,

Before I begin, I apologize for any terminology/basic understanding mistakes I may present. I am a novice at Apache servers and all things that come with it.

Some background on my problem: I am developing a data aggregation web app that needs to grab data from various sources. I do so using XMLHttpRequests, but to bypass the Same Origin policy, I set up a proxypass/reverseproxypass to the respective servers that I'm trying to pull data from. These servers use https protocol so I installed mod_ssl onto my Apache server and it worked well, until I ran into a source who's ssl certificate had expired. While I realize an expired certificate should be fixed, I am in no control of that end of the operations and must figure out a work around.

The following is the relevant portion of my Apache error_log:

Code:
[Thu Jul 18 10:02:24 2013] [debug] ssl_engine_kernel.c(1872): OpenSSL: Handshake: done
[Thu Jul 18 10:02:24 2013] [info] Connection: Client IP: [REDACTED], Protocol: TLSv1, Cipher: [REDACTED] (256/256 bits)
[Thu Jul 18 10:02:24 2013] [info] [client [REDACTED]] SSL Proxy: Peer certificate is expired
[Thu Jul 18 10:02:24 2013] [info] [client [REDACTED]] Connection closed to child 0 with abortive shutdown (server localhost.localdomain:80)


I have searched for the "SSL Proxy: Peer certificate is expired" error code and was linked to the mod_ssl source code where the expiration check is made. I'm thinking that modifying mod_ssl to make it not perform this check would be the best course of action, but I cannot find where these files are located on my CentOS machine.

If anyone has experienced this problem or have any advice/tips/suggestions, they are greatly welcomed.

Thank you for taking the time to read this post, anything is appreciated!

- Ryan
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Sat 20 Jul '13 16:46    Post subject: Reply with quote

you can turn that warning off

SSLProxyCheckPeerExpire off


That warning is because the backend proxy ssl certificate is not valid. Expired or selfmade certificate.
Back to top


Reply to topic   Topic: mod_ssl Expired Security Certificate bypass View previous topic :: View next topic
Post new topic   Forum Index -> Apache