On Mon, Feb 12, 2018 at 5:16 PM, Naveen Nandyala - Vendor
<Naveen.Nandyala@xxxxxxxxxxx> wrote:
>
> Below is my vhose entry.
>
> <VirtualHost *>
> ServerName Virtual:443
> SetEnv vhostname virtual
> Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; HttpOnly;secure" env=BALANCER_ROUTE_CHANGED
> Include <PROXY FILE>
> Include /u/applic/tc/HTTP/config/conf/secure.conf
> SSLCertificateFile /u/applic/tc/HTTP/config/ssl/Apachecertificate.pem
> SSLCertificateKeyFile /u/applic/tc/HTTP/config/ssl/Apachecertificate.key
> SSLProxyEngine on
> SSLProxyCACertificateFile /tmp/was.crt
> SSLProxyVerify require
> SSLProxyVerifyDepth 2
> </VirtualHost>
>
> From beginning All I was looking for is mutual authentication between Apache and Websphere application server.
> I've added Apachecertificate Root certificate in WAS which is 3rd party signed.
For now there is no SSLProxyMachineCertificateFile in your
configuration (because we asked you to care only about the proxy
authenticating the server), so in the meantime you should also disable
SSLVerifyClient on the Websphere side (otherwise it will ask for a
client certificate which the proxy doesn't provide yet).
I tried the above with a self signed cert for
SSLProxyCACertificateFile and it worked.
Once it also works in your case, you can then configure the proxy to
send its certificate+key when requested to:
- SSLProxyMachineCertificateFile /path/to/proxy.crt+key
And re-enable client authentication on the websphere:
- SSLVerifyClient on
- SSLCACertificateFile /path/to/proxy.ca.crt
Regards,
Yann.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|