Ssl – Apache SSL Proxy can’t find client certificate

Tags: apache-2.2, proxy, ssl

My web servers need to integrate with a 3rd party's server that sits behind a firewall. In order to get through the firewall all requests have to come from the same IP address and be authenticated via SSL. So I set up a machine that's supposed to work as a proxy and forward all traffic via SSL to the 3rd party server.

I set up the proxy with the certificates and matching key files and can make a successful request to the 3rd party service via CURL just fine, using the certificate and key file. I set up a virtual host on Apache to pass these requests through, but keep getting errors saying that the SSL handshake with the remote server failed. I see the following error messages in my Apache logs:

Proxy client certificate callback: (:443) downstream server wanted client certificate but none are configured
[Sun Jul 29 01:40:48 2012] [error] (502)Unknown error 502: proxy: pass request body failed to <3rd party IP>:18443 (<3rd party URL>)
[Sun Jul 29 01:40:48 2012] [error] [client ] proxy: Error during SSL Handshake with remote server returned by /

My apache virtual host configuration looks as follows:

<VirtualHost *:18443>
    ServerName <Proxy IP>
    SSLEngine on
    SSLProxyEngine On
    SSLCertificateFile /etc/apache2/ssl/my_server.pem
    SSLCertificateKeyFile /etc/apache2/ssl/my_server.key
    SSLProxyCACertificatePath /etc/ssl/certs
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / https://<3rd party server address>:18443/
    ProxyPassReverse / https://<3rd party server address>:18443/
</VirtualHost>

Thank you! Any help is highly appreciated!

Best Answer

You need to configure Apache to use that certificate file as an authentication mechanism to its proxy backend.

Combine the .pem and .key into one file, and point to it with:

SSLProxyMachineCertificateFile /path/to/combined.pem
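
The combine step from the answer, as an added example that is not part of the original answer: it checks that the key matches the certificate and is not passphrase-protected (mod_ssl does not support encrypted keys in this file) before writing an owner-only combined PEM. The function names, file names and the throwaway self-signed pair are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build the combined PEM for SSLProxyMachineCertificateFile.

# combine_proxy_cert CERT KEY OUT   (hypothetical helper name)
combine_proxy_cert() {
    cert=$1; key=$2; out=$3
    [ -r "$cert" ] && [ -r "$key" ] || { echo "cannot read cert or key" >&2; return 2; }

    # Encrypted keys are not supported in the proxy machine certificate file.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "private key is passphrase-protected; decrypt it first" >&2
        return 3
    fi

    # The key must belong to the certificate: compare the public halves.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout) || return 4
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key does not match certificate" >&2
        return 5
    fi

    # Start from a fresh file so it is owner-only before key material lands in it.
    rm -f "$out"
    ( umask 077 && cat "$cert" "$key" > "$out" ) || return 6
    chmod 600 "$out"
}

# make_sample_pair DIR NAME: constructed throwaway self-signed pair for testing
# (hypothetical helper; real deployments use the pair issued for the proxy).
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=proxy-client.example" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}
```

Point SSLProxyMachineCertificateFile at the resulting file inside the proxy virtual host, and keep the file readable only by the account that starts Apache, since it now holds the private key.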