Mutual authentication between Apache HTTP server and an application server.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Yann,

	Earlier I've downloaded Websphere Server  Root certificate in Base-64 format. So I was using inform as pem as DER is not working.

Not I've downloaded in DER format and ran below command that you gave. After restarting my apache and when I try to access url I see below error.

[Mon Feb 12 07:22:12.631833 2018] [ssl:warn] [pid 21729:tid 139998669920000] AH02268: Proxy client certificate callback: (Virtual:443) downstream server wanted client certificate but none are configured
[Mon Feb 12 07:22:12.644376 2018] [proxy_http:error] [pid 21729:tid 139998669920000] (103)Software caused connection abort: [client 10.246.8.176:53774] AH01102: error reading status line from remote server WASSERVER:PORT
[Mon Feb 12 07:22:12.644411 2018] [proxy:error] [pid 21729:tid 139998669920000] [client 10.246.8.176:53774] AH00898: Error reading from remote server returned by /URI

Was wondering if Apache(Client) don't connect to Websphere (Server) if Websphere uses a Self-signed certificate?





Warm Regards, 
Naveen Kumar Reddy N

-----Original Message-----
From: Yann Ylavic [mailto:ylavic.dev@xxxxxxxxx] 
Sent: Monday, February 12, 2018 2:31 AM
To: users@xxxxxxxxxxxxxxxx
Subject: EXT: Re:  Mutual authentication between Apache HTTP server and an application server.

Hi,

On Mon, Feb 12, 2018 at 1:30 AM, Naveen Nandyala - Vendor <Naveen.Nandyala@xxxxxxxxxxx> wrote:
>
> /tmp/was.crt was created as below.
>
> Extracted root certificate from WAS.
> Converted .cer file to crt using below command.
>
> openssl x509 -inform PEM -in was.cer -out was.crt

Isn't "was.cer" rather in DER format? The above command is a no-op, and you probably want PEM for the certificate used on the proxy, so maybe :
$ openssl x509 -inform DER -in was.cer -outform PEM -out was.crt ?

Regards,
Yann.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux