#1: SSL Reverse Proxy with Client Certificate is restarting

Posted on 2002-09-20 10:38:19 by Lee Hoo Wah

Hi,

I have a problem using Apache/mod_ssl 2.0.39 as a SSL reverse proxy to
connect to a SSL Server.

|HTTP Client|-----http---->|Reverse Proxy|----https---->|Web Server|

There is a Client Certificate on the Reverse Proxy which must be presented
to the Web Server for authentication. But I see from the log files, after
the initial SSL handshaking, immediately after the "Proxy client certificate
callback: (xxx.xxx.xxx:80) found acceptable cert", the child process on the
Reverse Proxy just dies without any error in the log file. The child process
initialises itself all over again. My browser on the front end receives a
"Page not found" error.

I double checked my cert pathing using "openssl" and curl to go into the SSL
server and it works. So I think the certificate should be ok. Is there
anything else that I have left out?

I have also tested against both an IIS 5.0 and an Apache 2.0 web server. Both
return the same error.

Really appreciate any help that might come along. Thanks in advance.

regards,
Lee Hoo Wah

____________________________________________
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server hello A
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 2,
subject: /C=US/O=GTE Corporation/CN=GTE CyberTrust Root, issuer: /C=US/O=GTE
Corporation/CN=GTE CyberTrust Root
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 1,
subject: /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority, issuer: /C=US/O=GTE Corporation/CN=GTE CyberTrust
Root
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 0,
subject: /C=SG/ST=Singapore/L=Singapore/O=xxx/OU=xxx/CN=xxx, issuer:
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server
certificate A
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server
certificate request A
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server done A
[debug] ssl_engine_kernel.c(1620): Proxy client certificate callback:
(xxx.xxx.xxx:80) entered
[debug] ssl_engine_kernel.c(1593): Proxy client certificate callback:
(xxx.xxx.xxx:80) found acceptable cert, sending
/C=xx/O=xxx/OU=xxx/OU=xxx/SN=xxx/CN=xxxx
[notice] Parent: child process exited with status 3221225477 -- Restarting.
<<<<<< CHILD PROCESS DIES
[debug] mpm_winnt.c(562): Parent: Marked listeners as not inheritable.
[info] Init: Initializing OpenSSL library

_______________________________________

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
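
Added example, not part of the original thread or of mod_ssl: a short Python triage of the error log quoted in the post above. It rejoins the mail-wrapped lines, decodes the child exit status (3221225477 is 0xC0000005, the Windows access-violation code) and reports the last mod_ssl entry logged before the child died. The function names and the NTSTATUS table are this example's own, and the sample log is constructed from the lines in the post.

```python
import re

# Constructed sample: error-log lines in the shape shown in the post
# (hard-wrapped by the mail client, host and subject masked as in the original).
SAMPLE_LOG = """\
[debug] ssl_engine_kernel.c(1620): Proxy client certificate callback:
(xxx.xxx.xxx:80) entered
[debug] ssl_engine_kernel.c(1593): Proxy client certificate callback:
(xxx.xxx.xxx:80) found acceptable cert, sending
/C=xx/O=xxx/OU=xxx/OU=xxx/SN=xxx/CN=xxxx
[notice] Parent: child process exited with status 3221225477 -- Restarting.
[debug] mpm_winnt.c(562): Parent: Marked listeners as not inheritable.
"""

# Well-known Windows NTSTATUS values a crashed process can exit with.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION", 0xC00000FD: "STATUS_STACK_OVERFLOW"}

# "[level] " prefix, optionally followed by "file.c(line): " on debug entries.
ENTRY = re.compile(r"^\[(\w+)\] (?:([\w.]+)\((\d+)\): )?")
EXIT = re.compile(r"child process exited with status (\d+)")

def unwrap(text):
    """Rejoin hard-wrapped continuation lines onto the entry they belong to."""
    entries = []
    for line in text.splitlines():
        if ENTRY.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def triage(text):
    """Return one record per abnormal child exit, with the entry logged just before it."""
    findings, previous = [], None
    for entry in unwrap(text):
        m = EXIT.search(entry)
        if m:
            status = int(m.group(1))
            src = ENTRY.match(previous) if previous else None
            findings.append({
                "status_hex": f"0x{status:08X}",
                "ntstatus": NTSTATUS.get(status, "unknown"),
                "last_source": f"{src.group(2)}:{src.group(3)}" if src and src.group(2) else None,
                "last_entry": previous,
            })
        previous = entry
    return findings
```

Running `triage()` over a full error log lists every crash of this kind with the source location of the last debug entry, which shows whether the child always dies at the same point in the proxy handshake.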


#2: SSL Reverse Proxy with Client Certificate is dying

Posted on 2002-09-22 04:33:13 by Lee Hoo Wah

Hi,

I have a problem using Apache/mod_ssl 2.0.40 as a SSL reverse proxy to
connect to a SSL Server.

|HTTP Client|-----http---->|Reverse Proxy|----https---->|Web Server|

There is a Client Certificate on the Reverse Proxy which must be presented
to the Web Server for authentication. But I see from the log files, after
the initial SSL handshaking, immediately after the "Proxy client certificate
callback: (xxx.xxx.xxx:80) found acceptable cert", the child process on the
Reverse Proxy just dies without any error in the log file. The child process
initialises itself all over again. My browser on the front end receives a
"Page not found" error.

I double checked my cert pathing using "openssl" and curl to go into the SSL
server and it works. So I think the certificate should be ok. Is there
anything else that I have left out?

I have also tested against both an IIS 5.0 and an Apache 2.0 web server. Both
return the same error.

Really appreciate any help that might come along. Thanks in advance.

regards,
Lee Hoo Wah

____________________________________________
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server hello A
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 2,
subject: /C=US/O=GTE Corporation/CN=GTE CyberTrust Root, issuer: /C=US/O=GTE
Corporation/CN=GTE CyberTrust Root
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 1,
subject: /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority, issuer: /C=US/O=GTE Corporation/CN=GTE CyberTrust
Root
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 0,
subject: /C=SG/ST=Singapore/L=Singapore/O=xxx/OU=xxx/CN=xxx, issuer:
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server
certificate A
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server
certificate request A
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server done A
[debug] ssl_engine_kernel.c(1620): Proxy client certificate callback:
(xxx.xxx.xxx:80) entered
[debug] ssl_engine_kernel.c(1593): Proxy client certificate callback:
(xxx.xxx.xxx:80) found acceptable cert, sending
/C=xx/O=xxx/OU=xxx/OU=xxx/SN=xxx/CN=xxxx
[notice] Parent: child process exited with status 3221225477 -- Restarting.
<<<<<< CHILD PROCESS DIES
[debug] mpm_winnt.c(562): Parent: Marked listeners as not inheritable.
[info] Init: Initializing OpenSSL library

_______________________________________


#3: RE: SSL Reverse Proxy with Client Certificate is dying

Posted on 2002-09-22 07:23:37 by Lee Hoo Wah

Hi all,

Apologies for duplicating this email again. I had some problems with my
mailbox and thought that the original email did not get through. I also
updated the Apache version from 2.0.39 to 2.0.40 because I
tested both with the same results.

Regarding the question itself, I would really appreciate it if somebody could
give some suggestions.

Thanks again.

regards,
Lee Hoo Wah

-----Original Message-----
From: Lee Hoo Wah [mailto:leehw@epremiumsystems.com]
Sent: Sunday, September 22, 2002 10:33 AM
To: modssl-users@modssl.org
Subject: SSL Reverse Proxy with Client Certificate is dying


Hi,

I have a problem using Apache/mod_ssl 2.0.40 as a SSL reverse proxy to
connect to a SSL Server.

|HTTP Client|-----http---->|Reverse Proxy|----https---->|Web Server|

There is a Client Certificate on the Reverse Proxy which must be presented
to the Web Server for authentication. But I see from the log files, after
the initial SSL handshaking, immediately after the "Proxy client certificate
callback: (xxx.xxx.xxx:80) found acceptable cert", the child process on the
Reverse Proxy just dies without any error in the log file. The child process
initialises itself all over again. My browser on the front end receives a
"Page not found" error.

I double checked my cert pathing using "openssl" and curl to go into the SSL
server and it works. So I think the certificate should be ok. Is there
anything else that I have left out?

I have also tested against both an IIS 5.0 and an Apache 2.0 web server. Both
return the same error.

Really appreciate any help that might come along. Thanks in advance.

regards,
Lee Hoo Wah

____________________________________________
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server hello A
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 2,
subject: /C=US/O=GTE Corporation/CN=GTE CyberTrust Root, issuer: /C=US/O=GTE
Corporation/CN=GTE CyberTrust Root
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 1,
subject: /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority, issuer: /C=US/O=GTE Corporation/CN=GTE CyberTrust
Root
[debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 0,
subject: /C=SG/ST=Singapore/L=Singapore/O=xxx/OU=xxx/CN=xxx, issuer:
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server
certificate A
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server
certificate request A
[debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read server done A
[debug] ssl_engine_kernel.c(1620): Proxy client certificate callback:
(xxx.xxx.xxx:80) entered
[debug] ssl_engine_kernel.c(1593): Proxy client certificate callback:
(xxx.xxx.xxx:80) found acceptable cert, sending
/C=xx/O=xxx/OU=xxx/OU=xxx/SN=xxx/CN=xxxx
[notice] Parent: child process exited with status 3221225477 -- Restarting.
<<<<<< CHILD PROCESS DIES
[debug] mpm_winnt.c(562): Parent: Marked listeners as not inheritable.
[info] Init: Initializing OpenSSL library

_______________________________________