[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [users@httpd] Apache as a Mutual SSL enabled Forward Proxy


Your next thing to test, from a vanilla/completely reset browser, would be
to load up these corresponding cert+key and ca chain files into that blank
slate, and ensure that these credentials actually work against your backend;

  SSLProxyMachineCertificateFile D:\sys-projects\aaa\Apache24\Apache24\security\key-client.pem
  SSLProxyCACertificateFile D:\sys-projects\aaa\Apache24\Apache24\security\server.pem

Also drop your proxy server's log level to debug and discover what it has to say.

On Thu, May 24, 2018 at 2:42 AM, eranda rajapaksha <erandacr@xxxxxxxxx> wrote:
Hi all,

Im trying to configure Apache http server as a forward proxy with mutual ssl enabled. Following is the setup,

[HTTP client] ----------> [Apache Http Server]----------->[Web Server]

I need to enable Mutual SSL between  Apache Http Server, Web Server. Following is the proxy I have configured. It works fine when connecting other internet web servers.

Listen 3128
 
<VirtualHost *:3128>
  ProxyRequests On
  SSLProxyEngine On
  SSLVerifyClient require
  SSLVerifyDepth  10
  
  SSLProxyMachineCertificateFile D:\sys-projects\aaa\Apache24\Apache24\security\key-client.pem
  SSLProxyCACertificateFile D:\sys-projects\aaa\Apache24\Apache24\security\server.pem
  
</VirtualHost>  


I have tested connecting client directly to the Web server bypassing Apache Forward proxy and it works fine. But when it tries to connect through Apache server I'm getting following error on clients end,

java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 403 Proxy Error"

Even if I just enable one way SSL, the behavior is the same. Am I not importing the Server cert correctly into Apache? Or is there other configuration issue in my setup.

Please help me on this.


Thanks,
--
Eranda Rajapakshe
Computer Science and Engineering Undergraduate,
University of Moratuwa.