I have a web server (Apache reverse proxy) in front of my app server (Apache) and I'm trying to pass common name for SSL.
My web server (Apache reverse proxy) is setup to preserve hostname (ProxyPreserveHost On)
On my app server (Apache) how do I configure my virtual host to pickup on on the hostname passed by the Proxy server?
I'm getting errors like this:
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[warn] RSA server certificate CommonName (CN) `appserver01' does NOT match server name!?
Do I need anything additional turned via on my app server (Apache configuration)? Here is what my vhost looks like:
NameVirtualHost *:80
Header always append X-Frame-Options SAMEORIGIN
<VirtualHost *:80>
DocumentRoot /var/www/app
ServerName www.app.com
ServerAlias app.com
ServerAlias appserver01.domain.com
<Directory /var/www/app>
Options All
AllowOverride All
</Directory>
</VirtualHost>
<VirtualHost IP_OF_WEB_SERVER_HERE:443>
DocumentRoot /var/www/app
ServerName www.app.com
ServerAlias app.com
ServerAlias appserver01.domain.com
<Directory /var/www/app>
AllowOverride All
</Directory>
SSLProxyEngine On
SSLEngine On
SSLCertificateFile /etc/ssl/certs/www_app_com_cert.cer
SSLCertificateKeyFile /etc/ssl/certs/www_app_com.key
SSLCACertificateFile /etc/ssl/certs/ca-bundle.crt
</VirtualHost>
Basically I want to allow the hostname to pass through the proxy server so my SSL cert will work. I have ProxyPreserveHost turned on but it doesn't appear to work as the Apache webserver still sees the hostname as the internal hostname "appserver01" instead of "www.app.com".
Thanks
Best Answer
Try enabling the SSL Proxy Engine: