Hello!

I want to set up a proxy allowing my internal hosts to connect to external https servers (which force client authentication using a certificate).

[ internal hosts ]-----http---->[ apache proxy ] ------https----> [external https server]

External servers restrict connections to clients that are authenticated by a client certificate (certified by the same CA).

Excerpt of my .conf:

    # TEST
    ProxyPass /proxy/TEST/ https://laposte.net
    ProxyPassReverse /proxy/TEST/ https://laposte.net
    SSLProxyEngine on
    SSLCipherSuite RC4:MD5
    SSLProxyCACertificateFile /etc/httpd/conf/ssl/ca-bundle.crt
    SSLProxyMachineCertificateFile /etc/httpd/conf/ssl/SSLproxy.pem
    SSLProxyVerifyDepth 10
    SSLProxyVerify none

I try to connect to 2 servers with similar configuration (same CA used, both requiring client auth, ... so AFAIK, my proxy will use the same client certificate).

One connection is successful, as I can see in my debug httpd log file:

    [debug] ssl_engine_kernel.c(1499): Proxy client certificate callback: (myproxy:443) found acceptable cert, sending /C=XX/ST=CITY/L=Port/O=ORGANIZATION/OU=31/CN=myCN/emailAddress=myemail

The other one is not:

    [debug] ssl_engine_kernel.c(1571): Proxy client certificate callback: (myproxy:443) no client certificate found!?

I wonder how client certificates are chosen?

Any thoughts?

Thanks in advance

-- 
Nicolas Cros
Do you know the cobbler's house? It is here: http://barsa.free.fr