Mutual authentication between Apache HTTP server and an application server.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thank you Eric,

 

                I’ve added below values and I see below error message in logs.

 

[Sun Feb 11 18:26:32.055662 2018] [ssl:error] [pid 43131:tid 140388278904576] [remote XXXXX:xxx] AH02039: Certificate Verification: Error (19): self signed certificate in certificate chain

[Sun Feb 11 18:26:32.055896 2018] [proxy_http:error] [pid 43131:tid 140388278904576] (103)Software caused connection abort: [client XXXXX:XXX] AH01102: error reading status line from remote server XXXX:xxx

[Sun Feb 11 18:26:32.055921 2018] [proxy:error] [pid 43131:tid 140388278904576] [client 10.246.8.176:27615] AH00898: Error reading from remote server returned by /xxxx

 

Values Added ::

 

SSLProxyEngine on

SSLProxyCACertificateFile /tmp/was.crt 

SSLProxyVerify require

SSLProxyVerifyDepth  2

 

/tmp/was.crt was created as below.

 

Extracted root certificate from WAS.

Converted .cer file to crt using below command.

 

openssl x509 -inform PEM -in was.cer -out was.crt

 

 

Warm Regards, 
Naveen Kumar Reddy N
IBM Middleware WAS-MQ Tower Lead ( WalMart )
Toll Free Number - 866-912-0282(B),855-755-9356(H)
Mail: nknandy@xxxxxxxxxxxx

SLACK Channel:: middleware_l2

cid:image001.jpg@01D26CB2.5110A6F0

Middleware ServiceNow Service Catalog Task Policy:: https://collaboration.wal-mart.com/display/IPSMW/Service+Now+Service+Task+Catalog+Policy

Middleware ServiceNow Change Control Policy :: https://collaboration.wal-mart.com/display/IPSMW/Change+Control+Policy

Middleware Customer Page:: https://teams.wal-mart.com/sites/Middleware/Customers/Pages/default.aspx

 

From: Eric Covener [mailto:covener@xxxxxxxxx]
Sent: Sunday, February 11, 2018 12:54 PM
To: users@xxxxxxxxxxxxxxxx
Subject: EXT: Re: [users@httpd] Mutual authentication between Apache HTTP server and an application server.

 

 

 

On Sun, Feb 11, 2018 at 1:50 PM, Naveen Nandyala - Vendor <Naveen.Nandyala@xxxxxxxxxxx> wrote:

Yep, I’m looking for trust between my webserver and Appserver w/o client authentication.  I’m not worried about trust between my web browser and webserver as I’m not looking for that now.

 

​That's just https://httpd.apache.org/docs/2.4/en/mod/mod_ssl.html#sslproxycacertificatefile pointing to the CA that signed your application server certs.

 

Emphasis on the "proxy" in these directive names for the backside connection.

 

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux