Topic: mod_ssl SSLProxyMachineCertificateFile

[ray_h]

I'm running Centos 5 apache httpd-2.2.3-65. This webserver is setup to reverse proxy a http connection to https on a remote IIS server. The IIS server requires authentication with a certificate.

client/http-> Apache R Proxy/https client cert -> remote iis system

In my reverse proxy virtual host, I'm specifying my pem file with SSLProxyMachineCertificate. However when I try to access the remote iis server I get a 403.7 error msg complaining that I'm not sending my cert.

In my debug error log I see...


[Sun Sep 09 01:21:57 2012] [debug] ssl_engine_kernel.c(1595): Proxy client certificate callback: (VHOST:9050) entered

[Sun Sep 09 01:21:57 2012] [debug] ssl_engine_kernel.c(1640): Proxy client certificate callback: (VHOST:9050) no client certificate found!?


What condition causes this message to be produced? I know my cert is ok, I can access the remote site with openssl s_client. I know apache knows where it is -- its readable etc. Any insight into this error would be greatly appreciated.

Thanks.
Ray

[James Blond]

I found a solution on http://www.zeitoun.net/articles/client-certificate-x509-authentication-behind-reverse-proxy/start by googling

if you still have a question let us know.

[ray_h]

I got this working. It seems I was running up against an issue with the CA's being presented by the remote webserver. I found this patch -- which fixed my issue.

https://issues.apache.org/bugzilla/show_bug.cgi?id=47134

Thanks for your help.