Apache SSLProxyMachineCertificateFile does not work

Posted by Serge - appTranslator on Server Fault See other posts from Server Fault or by Serge - appTranslator
Published on 2013-06-28T14:01:48Z Indexed on 2013/06/28 16:24 UTC
Read the original article Hit count: 805

Filed under:

apache2

|

reverse-proxy

|

mod-ssl

I'm setting up an Apache reverse proxy that exposes a client certificate to the remote host. I do it using SSLProxyMachineCertificateFile /etc/tls/pki/certandkey.pem

Problem: The remote host does not recognize the client certificate.

Notes:

certandkey.pem contains the unencrypted key and the cert.
from the proxy box, curl -E /etc/tls/pki/certandkey.pem https://www.remote.com works fine.
It's a GoDaddy SSL certificate. It's bundled with a gd_bundle.crt. Should I use SSLProxyMachineCertificateChainFile?
I'm on CentOS 6.3 with Apache 2.2.15 (SSLProxyMachineCertificateChainFile not available)

© Server Fault or respective owner

Related posts about apache2

apache2: Could not open configuration file /etc/apache2/apache2.conf: Permission denied

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I recently upgraded Ubuntu to the latest LTS edition on my work laptop, which I use as a LAMP development platform. The upgrade was from 12.4 to 14.4. Now I'm having trouble getting apache up and running again. Here is the output from an attempt: antonc@antonc-laptop:/etc/apache2$ sudo service apache2… >>> More
Apache segfault glibc segfault

as seen on Server Fault - Search for 'Server Fault'
I keep getting (about every 5-6 hours) this segfault in apache: [Tue Jun 26 12:43:10 2012] [notice] child pid 26810 exit signal Aborted (6) *** glibc detected *** /usr/sbin/apache2: free(): invalid pointer: 0xb68c2628 *** ======= Backtrace: ========= /lib/i386-linux-gnu/libc.so.6(+0x6ff22)[0xb75aef22] /lib/i386-linux-gnu/libc… >>> More
Localhost not working after installing PHP on Mountain Lion

as seen on Server Fault - Search for 'Server Fault'
I've installed php using brew install php54 --with-mysql, I've set up all the path correctly. which php will give me /usr/local/bin/php php -v will give me PHP 5.4.8 (cli) (built: Nov 20 2012 09:29:31) php --ini will give me: Configuration File (php.ini) Path: /usr/local/etc/php/5.4 Loaded Configuration… >>> More
Apache 2 Virtual Hosts no working on OSX 10.6

as seen on Server Fault - Search for 'Server Fault'
This is my first MacBook and I'm trying to get virtual hosts up and running so as it's going to be my dev machine. I've got apache/php/mysql running fine, the problem is that what ever address I go to I just get one of the virtual hosts I've setup. I can't even get to the root site anymore. I had… >>> More
apache2 error Could not open configuration file /etc/apache2/conf.d/: No such file or directory

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have just upgraded my Ubuntu 13.10 and apache2 is not working. When I try to start the apache2 server it is printing following errors: * Starting web server apache2 * The apache2 configtest failed. Output of config test was: apache2: Syntax error on line 263 of /etc/apache2/apache2.conf: Could… >>> More

Related posts about reverse-proxy

Reverse Proxy FTP traffic

as seen on Server Fault - Search for 'Server Fault'
I was wondering if anyone knew of a reverse proxy server to reverse proxy ftp traffic. I would like to run many servers on ip address, but then pass the traffic to an internal server with its own ip address. Thank you for any suggestions. >>> More
Determine nginx reverse-proxy load limits

as seen on Server Fault - Search for 'Server Fault'
Hi all: I have an nginx server (CentOS 5.3, linux) that I'm using as a reverse-proxy load-balancer in front of 8 ruby on rails application servers. As our load on these servers increases, I'm beginning to wonder at what point will the nginx server become a bottleneck? The CPUs are hardly used,… >>> More
IIS reverse proxy to windows authenticated internal site

as seen on Server Fault - Search for 'Server Fault'
I have an internal windows authenticated website that I need to expose anonymously to external users. extern: http://foo.com/ (public) intern: http://privatefoo/ (requires windows auth) I want people hitting foo.com to see no security prompt, just get access to privatefoo - I know this is possible… >>> More
Running a reverse proxy in front of Splunk 4.x

as seen on Server Fault - Search for 'Server Fault'
So, I have previously installed Splunk 3.x behind a reverse proxy and downloaded the latest version (4.0.6 at time of typing) expecting it to be as easy to use as before. Sadly this was not the case. There appears to be some elements which are not being translated correctly through the reverse proxy… >>> More
Creating a Reverse Proxy using Jpcap

as seen on Stack Overflow - Search for 'Stack Overflow'
I need to create a program that receives HTTP request and forwards those requests to the web servers. I have successfully made this using only Java Sockets but the client needed the program to be implemented in Jpcap. I'd like to know if this is possible and what literature I should be reading… >>> More