SSLProxyEngine config help


on 18.12.2009 03:45:28 by Todd Volkert


Ok, hopefully I'm not missing something stupid again... I'm trying to
enable the SSL proxy engine for use in one of my virtual hosts, and though
it seems to accept my SSLProxyMachineCertificateFile upon startup, I get
gobbledygook requests when trying to connect over HTTPS:

Here is my server config:


<VirtualHost *:443>
    ServerName www.foo.com
    ServerAlias localhost foo.com *.foo.com

    SSLProxyEngine on
    SSLProxyMachineCertificateFile /etc/httpd/conf/proxy.pem
    ProxyRequests Off

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass / https://localhost:8443/
    ProxyPassReverse / https://localhost:8443/
</VirtualHost>


Here is the output of the server logs upon startup:

[Thu Dec 17 21:37:42 2009] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Thu Dec 17 21:37:42 2009] [warn] Init: Session Cache is not configured
[hint: SSLSessionCache]
[Thu Dec 17 21:37:42 2009] [notice] Digest: generating secret for digest
authentication ...
[Thu Dec 17 21:37:42 2009] [notice] Digest: done
[Thu Dec 17 21:37:43 2009] [notice] Apache/2.2.9 (Unix) DAV/2 mod_ssl/2.2.9
OpenSSL/0.9.8b configured -- resuming normal operations

Then when I run 'lynx https://localhost/foo.jsp', I get the following in the
httpd logs:

==> /etc/httpd/logs/access_log <==
127.0.0.1 - - [17/Dec/2009:21:38:52 -0500] "\x80s\x01\x03\x01" 501 1235 "-"
"-"
127.0.0.1 - - [17/Dec/2009:21:38:52 -0500] "\x80s\x01\x03" 501 1232 "-" "-"

And I get the following in the tomcat access logs:

127.0.0.1 [17/Dec/2009:21:38:52 -0500] 8443 '?s=01 / HTTP/1.1' 501 1229
127.0.0.1 [17/Dec/2009:21:38:52 -0500] 8443 '?s / HTTP/1.1' 501 1226

Ring any bells?
-T


Re: SSLProxyEngine config help

on 18.12.2009 03:49:19 by Todd Volkert


Forgot to mention that I generated the proxy.pem file by following the
process listed at https://issues.apache.org/bugzilla/show_bug.cgi?id=31856,
including making sure that I'm using an rsa key (not pkcs8).

-T

On Thu, Dec 17, 2009 at 9:45 PM, Todd Volkert wrote:

> Ok, hopefully I'm not missing something stupid again... I'm trying to
> enable the SSL proxy engine for use in one of my virtual hosts, and though
> it seems to accept my SSLProxyMachineCertificateFile upon startup, I get
> gobbledygook requests when trying to connect over HTTPS:
>
> Here is my server config:
>
>
> <VirtualHost *:443>
>     ServerName www.foo.com
>     ServerAlias localhost foo.com *.foo.com
>
>     SSLProxyEngine on
>     SSLProxyMachineCertificateFile /etc/httpd/conf/proxy.pem
>     ProxyRequests Off
>
>     <Proxy *>
>         Order deny,allow
>         Allow from all
>     </Proxy>
>
>     ProxyPass / https://localhost:8443/
>     ProxyPassReverse / https://localhost:8443/
> </VirtualHost>
>
> Here is the output of the server logs upon startup:
>
> [Thu Dec 17 21:37:42 2009] [notice] suEXEC mechanism enabled (wrapper:
> /usr/sbin/suexec)
> [Thu Dec 17 21:37:42 2009] [warn] Init: Session Cache is not configured
> [hint: SSLSessionCache]
> [Thu Dec 17 21:37:42 2009] [notice] Digest: generating secret for digest
> authentication ...
> [Thu Dec 17 21:37:42 2009] [notice] Digest: done
> [Thu Dec 17 21:37:43 2009] [notice] Apache/2.2.9 (Unix) DAV/2 mod_ssl/2.2.9
> OpenSSL/0.9.8b configured -- resuming normal operations
>
> Then when I run 'lynx https://localhost/foo.jsp', I get the following in
> the httpd logs:
>
> ==> /etc/httpd/logs/access_log <==
> 127.0.0.1 - - [17/Dec/2009:21:38:52 -0500] "\x80s\x01\x03\x01" 501 1235 "-"
> "-"
> 127.0.0.1 - - [17/Dec/2009:21:38:52 -0500] "\x80s\x01\x03" 501 1232 "-" "-"
>
> And I get the following in the tomcat access logs:
>
> 127.0.0.1 [17/Dec/2009:21:38:52 -0500] 8443 '?s / HTTP/1.1' 501 1229
> 127.0.0.1 [17/Dec/2009:21:38:52 -0500] 8443 '?s / HTTP/1.1' 501 1226
>
> Ring any bells?
> -T
>


Re: Re: SSLProxyEngine config help

on 18.12.2009 11:14:00 by Philip Wigg

> On Thu, Dec 17, 2009 at 9:45 PM, Todd Volkert wrote:
>>
>> Ok, hopefully I'm not missing something stupid again... I'm trying to
>> enable the SSL proxy engine for use in one of my virtual hosts, and though
>> it seems to accept my SSLProxyMachineCertificateFile upon startup, I get
>> gobbledygook requests when trying to connect over HTTPS:
>>
>> Here is my server config:
>>
>>
>> <VirtualHost *:443>
>>     ServerName www.foo.com
>>     ServerAlias localhost foo.com *.foo.com
>>
>>     SSLProxyEngine on
>>     SSLProxyMachineCertificateFile /etc/httpd/conf/proxy.pem
>>     ProxyRequests Off
>>
>>     <Proxy *>
>>         Order deny,allow
>>         Allow from all
>>     </Proxy>
>>
>>     ProxyPass / https://localhost:8443/
>>     ProxyPassReverse / https://localhost:8443/
>> </VirtualHost>
>>
>> Here is the output of the server logs upon startup:
>>
>> [Thu Dec 17 21:37:42 2009] [notice] suEXEC mechanism enabled (wrapper:
>> /usr/sbin/suexec)
>> [Thu Dec 17 21:37:42 2009] [warn] Init: Session Cache is not configured
>> [hint: SSLSessionCache]
>> [Thu Dec 17 21:37:42 2009] [notice] Digest: generating secret for digest
>> authentication ...
>> [Thu Dec 17 21:37:42 2009] [notice] Digest: done
>> [Thu Dec 17 21:37:43 2009] [notice] Apache/2.2.9 (Unix) DAV/2
>> mod_ssl/2.2.9 OpenSSL/0.9.8b configured -- resuming normal operations
>>
>> Then when I run 'lynx https://localhost/foo.jsp', I get the following in
>> the httpd logs:
>>
>> ==> /etc/httpd/logs/access_log <==
>> 127.0.0.1 - - [17/Dec/2009:21:38:52 -0500] "\x80s\x01\x03\x01" 501 1235
>> "-" "-"
>> 127.0.0.1 - - [17/Dec/2009:21:38:52 -0500] "\x80s\x01\x03" 501 1232 "-"
>> "-"
>>
>> And I get the following in the tomcat access logs:
>>
>> 127.0.0.1 [17/Dec/2009:21:38:52 -0500] 8443 '?s / HTTP/1.1' 501 1229
>> 127.0.0.1 [17/Dec/2009:21:38:52 -0500] 8443 '?s / HTTP/1.1' 501 1226
>>
>> Ring any bells?

Have you tried removing the ServerAlias directive? You can't use
Name-based Virtual Hosting with SSL anyway (without using SNI, which
you aren't) so they're redundant.

Cheers,
Phil.
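
The request strings in the access_log excerpt from the first message can be decoded byte by byte. The following is an added example, not part of any message in the thread: it reverses Apache's \xHH log escaping and recognises an SSL/TLS ClientHello that was logged as an HTTP request line. The third sample line, the helper names, and the reading of a missing version byte as 0x00 are assumptions of this example.

```python
import re

# The first two lines are the access_log entries quoted in the thread; the
# third is a constructed ordinary request for contrast.
SAMPLE_LINES = [
    r'127.0.0.1 - - [17/Dec/2009:21:38:52 -0500] "\x80s\x01\x03\x01" 501 1235 "-" "-"',
    r'127.0.0.1 - - [17/Dec/2009:21:38:52 -0500] "\x80s\x01\x03" 501 1232 "-" "-"',
    r'127.0.0.1 - - [17/Dec/2009:21:38:53 -0500] "GET /foo.jsp HTTP/1.1" 200 512 "-" "-"',
]

_REQ = re.compile(r'\] "((?:[^"\\]|\\.)*)" (\d{3}) ')
_ESC = re.compile(r'\\x([0-9a-fA-F]{2})|\\(.)')
_SIMPLE = {"n": 10, "t": 9, "r": 13}
_VERSIONS = {(0, 2): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
             (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def unescape(field):
    """Turn the request string as written to access_log back into raw bytes."""
    out, pos = bytearray(), 0
    for m in _ESC.finditer(field):
        out += field[pos:m.start()].encode("latin-1")
        hexpair, char = m.groups()
        out.append(int(hexpair, 16) if hexpair else _SIMPLE.get(char, ord(char)))
        pos = m.end()
    return bytes(out + field[pos:].encode("latin-1"))

def _version(b):
    # Assumption: the logged string stops at the first NUL byte, so a
    # missing minor version byte is read as 0x00.
    major, minor = b[0], (b[1] if len(b) > 1 else 0)
    return _VERSIONS.get((major, minor), f"unknown {major}.{minor}")

def classify(raw):
    """Name the SSL/TLS hello at the start of raw, or return None."""
    if len(raw) >= 4 and raw[0] & 0x80 and raw[2] == 0x01:
        length = ((raw[0] & 0x7F) << 8) | raw[1]  # 15-bit SSLv2 record length
        return f"SSLv2-format ClientHello ({length} bytes) offering {_version(raw[3:5])}"
    if len(raw) >= 2 and raw[0] == 0x16 and raw[1] == 0x03:
        return f"TLS handshake record, {_version(raw[1:3])}"
    return None

def scan(lines):
    """Return (HTTP status, verdict) for each logged request that is a hello."""
    hits = []
    for m in filter(None, map(_REQ.search, lines)):
        verdict = classify(unescape(m.group(1)))
        if verdict:
            hits.append((int(m.group(2)), verdict))
    return hits
```

Calling scan(SAMPLE_LINES) flags the two 501 entries from the thread and skips the ordinary GET.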
