Re: HTTPS Proxy with Apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Jeff, thanks for the answer ! Yes, I'm trying to perform that common scenario as you said. When the connection fails I got the message "Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]"

 I'll check the port on which Citrix is listening and I do realize now that I have forgotten to include the certificate in Apache !

Atenciosamente,
Fabio S. Schmidt
Consultor técnico Sênior
4linux - Open Software Specialists
http://www.4linux.com.br

From: "Jeff Trawick" <trawick@xxxxxxxxx>
To: users@xxxxxxxxxxxxxxxx
Sent: Saturday, 12 July, 2014 6:27:11 PM
Subject: Re: HTTPS Proxy with Apache

On Thu, Jul 10, 2014 at 6:35 PM, <fabio.schmidt@xxxxxxxxxxxxx> wrote:

Hi !

I'm trying to use Apache 2.2 to proxy connections to a server that only listens with HTTPS (Citrix Secure Gateway, to be more precise) and keep the connection encrypted. I've already enabled the proxy, proxy_http and proxy_connect modules but when I access through my Apache server I got the message "ERR_SSL_PROTOCOL_ERROR".

Why proxy_connect?

Are you trying to perform this common scenario?

client <--- HTTP over SSL/TLS ---> httpd <--- HTTP over SSL/TLS ---> Citrix?

Does the client specify the hostname of httpd AND httpd has a certificate for that hostname?

 

What am I misunderstanding and if someone could explain to me the correct way to achieve a proxy with a HTTPS>HTTPS connection I would really appreciate !

Here is my configuration:

<VirtualHost *:443>
       SSLEngine ON
       SSLProxyEngine ON
       ProxyPass         / https://IP_OF_THE_CITRIX_SERVER/
       ProxyPassReverse / https://IP_OF_THE_CITRIX_SERVER/
        LogLevel debug
        ErrorLog /var/log/apache2/citrix-ssl-error.log
        TransferLog /var/log/apache2/citrix-ssl-access.log
</VirtualHost>


Isn't ERR_SSL_PROTOCOL error displayed by Chrome for an error connecting to port 443 (i.e., nothing to do with the backend proxy connection)?

Where's your certificate for client connections to port 443?

This is the only VirtualHost for port 443 in your config, right?

What is in /var/log/apache2/citrix-ssl-error.log when you fail to connect with a browser?
 

Atenciosamente,
Fabio S. Schmidt
Consultor técnico Sênior
4linux - Open Software Specialists
http://www.4linux.com.br

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




--
Born in Roswell... married an alien...
http://emptyhammock.com/


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux