IBM HTTP Server (IHS) Reverse Proxy and SSL


I need to create an IHS reverse proxy that takes https://server1:6883 and proxies it to https://server2:6883, but unlike other ServerFault questions, the initial connection needs to be https not http. I have the following…

LoadModule proxy_module modules/
LoadModule proxy_http_module modules/
Listen 6883
<VirtualHost *:6883>

SSLProxyEngine On
KeyFile /opt/IBM/HTTPServer/cert/wlpkey.kdb
ProxyPass / https://server2:6883/

but error_log says:
SSL0227E: SSL Handshake Failed, Specified label could not be found in the key file. Label='(null)'

I suspect the problem is that I need two KeyFiles: one for proxy recipient and one to enable SSL/TLS.

Best Answer

Assuming your certificate database has the needed certificate you need another directive called SSLServerCErt to tell the SSL virtualhost which certificate it must use for the SSL handshake, for example:


where is the label and the CN of the certificate you have in the keystorage database. Note you need the complete set of certificate, that is, the equivalent of a p12, a private key, a signed certificate and the CA chain.

Also, always add ServerName, specially if you have more than one single virtualhost, it is a good practice nevertheless.

