Re: MTLS Setup issue - Apache HTTP Server and Weblogic

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Apr 18, 2024 at 3:22 AM Daiya, Devendra singh <Devendra.S.Daiya@xxxxxxxxxxxxxx.invalid> wrote:

Hi Team,

 

Need help in setting up MTLS between Apache HTTP server and Weblogic server (App Server).

 

I have gone through few links but those are not working. Post following suggested steps I was able to start Apache HTTP server but Application is not working. Getting below messages in the Error while accessing the application.

 

Could anyone please look at it and share some suggestion on how we should setup MTLS b/w Web and App server. Please let me know if any additional info needed.

 

Error message: -

 

"message" : "AH02645: Server name not provided via TLS extension (using default/first virtual host)" , "referer" : },

"message" : "AH02008: SSL library error 1 in handshake (server hostname:port)" , "referer" : }

"message" : "SSL Library Error: error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate -- No CAs known to server for verification?" , "referer" : }

"message" : "AH01998: Connection closed to child 138 with abortive shutdown (server hostname:port , "referer" : }

"message" : "AH01964: Connection to child 24 established (server hostname:port)" , "referer" : }

"message" : "AH02645: Server name not provided via TLS extension (using default/first virtual host)" , "referer" : }

"message" : "AH02008: SSL library error 1 in handshake (server hostname:port)" , "referer" : }

"message" : "SSL Library Error: error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate -- No CAs known to server for verification?" , "referer" : }

 

SSL.conf file has below directives set.

 

SSLEngine on

ProxyRequests Off

RewriteEngine on

SSLProxyEngine on

SSLProxyVerify on

SSLProxyCheckPeerCN off

SSLProxyCheckPeerName off

SSLProxyCheckPeerExpire off

SSLVerifyCLient require

SSLVerifyDepth 10

SSLProxyVerifyDepth 10

 

SSLOptions +ExportCertData

 

SSLProxyMachineCertificateFile "/apps/certs/Appcert.pem"

SSLProxyCACertificateFile "/apps/certs/trustedca.pem"

 

SSLCertificateFile "/path/to/hostname.crt"

SSLCertificateKeyFile "/path/to/hostname.key"

SSLCertificateChainFile "/path/to/hostname.crt"

SSLCACertificateFile "/path/to/trustedca.pem"

 

 

Thanks.

 

Regards,

Devendra


Rough guess:


Otherwise, we would need to see the full vhost.

Might be worth running apachectl -S to make sure you don't have misconfigured / overlapping vhosts, as well.

 
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux