I'm working to set up Apache as a forward proxy with a client that uses 2-way SSL. The basic flow is myApplication –via http–> Apache proxy –via 2 way SSL–> client. After setting everything up, when I try to start Apache, I'm getting a "incomplete client cert configured for SSL proxy (missing or encrypted private key?)" error. What I can't figure out is that the client cert I'm using in the SSLProxyMachineCertificateFile directive has both the unencrypted private key and the public cert already. Any suggestions on what I'm missing and/or anything else I can try? Does the all-in-one machine cert need to have the chain in it as well?
Here's what my vhost looks like.
<VirtualHost *:8082>
ServerName my.domain.com
ProxyRequests On
SSLProxyEngine On
SSLProxyMachineCertificateFile /etc/httpd/keys/machine.pem
SSLProxyCACertificateFile /etc/httpd/keys/machine.chain.crt
ProxyPass / https://target.client.com/
ProxyPassReverse / https://target.client.com/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
EDIT: I updated the basic flow to clarify what kind of connection I'm trying to use between the application, apache, and the client.
Best Answer
Your PEM file is not the correct format. Checkout this post.
http://projectzme.wordpress.com/2013/02/02/tip-sslproxymachinecertificatefile-returns-missing-or-encrypted-private-key/