Re: (internal app) --http-->apache---https--->(external app)

On Sun, Aug 23, 2009 at 8:30 PM, pe uni<peuni@xxxxxxxxx> wrote:
> Hi Eric, below is the excerpt from the apache log
> ------------------------------
> [Sun Aug 23 12:24:39 2009] [debug] mod_proxy_http.c(56): proxy: HTTP: canonicalising URL //www.techmed.com/VENDOR/vendor.asmx
> [Sun Aug 23 12:24:39 2009] [debug] proxy_util.c(1507): [client interapp_ipaddr] proxy: *: found reverse proxy worker for https://www.techmed.com/VENDOR/vendor.asmx
> [Sun Aug 23 12:24:39 2009] [debug] mod_proxy.c(966): Running scheme https handler (attempt 0)
> [Sun Aug 23 12:24:39 2009] [debug] mod_proxy_http.c(1960): proxy: HTTP: serving URL https://www.techmed.com/VENDOR/vendor.asmx
> [Sun Aug 23 12:24:39 2009] [debug] proxy_util.c(2044): proxy: HTTPS: has acquired connection for (*)
> [Sun Aug 23 12:24:39 2009] [debug] proxy_util.c(2102): proxy: connecting https://www.techmed.com/VENDOR/vendor.asmx to www.techmed.com:443
> [Sun Aug 23 12:24:39 2009] [debug] proxy_util.c(2195): proxy: connected /VENDOR/vendor.asmx to www.techmed.com:443
> [Sun Aug 23 12:24:39 2009] [debug] proxy_util.c(2347): proxy: HTTPS: fam 2 socket created to connect to *
> [Sun Aug 23 12:24:39 2009] [error] [client 73.155.40.73] SSL Proxy requested for my_proxyserver:80 but not enabled [Hint: SSLProxyEngine]
> [Sun Aug 23 12:24:39 2009] [error] proxy: HTTPS: failed to enable ssl support for 73.155.40.73:443 (www.techmed.com)
> [Sun Aug 23 12:24:39 2009] [debug] proxy_util.c(2062): proxy: HTTPS: has released connection for (*)
> --------------------------------------------------



When proxying http to https you need to configure apache as an ssl
_client_. Apache will not function as an SSL client out of the box.

This question comes up regularly, and this is what I answered last
time it came up:

You need to add the following to your config.

# turn on SSL proxying.
SSLProxyEngine On

# to tell Apache where to find CA certificates to check remote server certificates with:
# (You can choose yourself where you put these certificates)
SSLProxyCACertificatePath /path/to/ca/certificates

Then in this path you need to put the CA certificate(s) used to sign
the certificate(s) used by the server(s) you communicate with. If you
want to talk to a server that uses a "self signed" certificate you
will need to put it in this dir too.

Once you've done that you need to run "c_rehash" in that directory.
c_rehash is part of a standard openssl distribution. c_rehash creates
hashed aliases in this dir. Apache needs these.

In order to test if everything is there you can do the following:

openssl s_client -CApath /path/to/ca/certificates -connect remoteserver:8443

If the connection succeeds just try to do a
GET /abc/

and see if you get something. If this test is successful apache should work too.

You can now add the RewriteRule or Proxy statements to forward the
connections to your https server.

Krist

-- 
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
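
Added example (not part of the original message and not the Apache project's own configuration): one way the finished reverse-proxy virtual host could look after the steps in the reply, using the host names from the quoted log. Loading a CA path does not by itself make httpd reject an untrusted backend, so the example also turns verification on. The local path /VENDOR/ and the verification depth are assumptions.

```apache
# Added example. Assumed: the local URL path /VENDOR/ and the depth value;
# /path/to/ca/certificates is the placeholder used in the message.
<VirtualHost *:80>
    ServerName my_proxyserver

    # Let mod_proxy act as a TLS client towards the backend. Its absence is
    # what produced "SSL Proxy requested for my_proxyserver:80 but not enabled".
    SSLProxyEngine On

    # Directory of PEM CA certificates plus the hash links made by c_rehash.
    SSLProxyCACertificatePath /path/to/ca/certificates

    # SSLProxyVerify defaults to "none". Without "require" the CA directory
    # is loaded but a backend presenting an untrusted certificate is accepted.
    SSLProxyVerify require
    # Allow for intermediate CAs in the backend's chain (default is 1).
    SSLProxyVerifyDepth 3

    # Refuse a backend certificate that is expired or issued for another name.
    SSLProxyCheckPeerExpire on
    SSLProxyCheckPeerCN on
    # httpd 2.4.5 and later: name check that also covers subjectAltName.
    # <IfVersion> needs mod_version to be loaded.
    <IfVersion >= 2.4.5>
        SSLProxyCheckPeerName on
    </IfVersion>

    # Reverse proxy only: never serve as an open forward proxy.
    ProxyRequests Off

    # Forward just the one application path to the external HTTPS service.
    ProxyPass        /VENDOR/ https://www.techmed.com/VENDOR/
    ProxyPassReverse /VENDOR/ https://www.techmed.com/VENDOR/
</VirtualHost>
```

Run `apachectl configtest` after editing; the `openssl s_client -CApath` check from the message should succeed against the same CA directory before httpd is expected to.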

