Re: Apache as a Mutual SSL enabled Forward Proxy (Apache Users)

Your next thing to test, from a vanilla/completely reset browser, would be

to load up these corresponding cert+key and ca chain files into that blank

slate, and ensure that these credentials actually work against your backend;

SSLProxyMachineCertificateFile D:\sys-projects\aaa\Apache24\Apache24\security\key-client.pem

SSLProxyCACertificateFile D:\sys-projects\aaa\Apache24\Apache24\security\server.pem

Also drop your proxy server's log level to debug and discover what it has to say.

On Thu, May 24, 2018 at 2:42 AM, eranda rajapaksha <erandacr@xxxxxxxxx> wrote:

Hi all,

Im trying to configure Apache http server as a forward proxy with mutual ssl enabled. Following is the setup,

[HTTP client] ----------> [Apache Http Server]----------->[Web Server]

I need to enable Mutual SSL between Apache Http Server, Web Server. Following is the proxy I have configured. It works fine when connecting other internet web servers.

Listen 3128

<VirtualHost *:3128>

ProxyRequests On

SSLProxyEngine On

SSLVerifyClient require

SSLVerifyDepth 10



SSLProxyMachineCertificateFile D:\sys-projects\aaa\Apache24\Apache24\security\key-client.pem

SSLProxyCACertificateFile D:\sys-projects\aaa\Apache24\Apache24\security\server.pem



</VirtualHost>

I have tested connecting client directly to the Web server bypassing Apache Forward proxy and it works fine. But when it tries to connect through Apache server I'm getting following error on clients end,

java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 403 Proxy Error"

Even if I just enable one way SSL, the behavior is the same. Am I not importing the Server cert correctly into Apache? Or is there other configuration issue in my setup.

Please help me on this.

Thanks,
--

Eranda Rajapakshe

Computer Science and Engineering Undergraduate,

University of Moratuwa.

Tel : +94784822608

Email : erandacr@xxxxxxxxx