https://bz.apache.org/bugzilla/show_bug.cgi?id=63925
--- Comment #1 from Yann Ylavic <[email protected]> --- (In reply to Idar Lund from comment #0) > <VirtualHost *:443> > ServerName server1.tld1 [snip] > SSLProxyEngine On > ProxyPreserveHost On > ProxyPass / https://server2.tld2:8443/ > ProxyPassReverse / https://server2.tld2:8443/ > </VirtualHost> > > mod_ssl is using the http header field "Host:" to check the certificate on a > remote server. mod_ssl is indeed using the "Host:" which is sent to the backend server to validate that the certificate given by that backend corresponds. This is the right think to do. What happens in your case is that with "ProxyPreserveHost on" this "Host:" is "server1" (the one from the client/browser), so it fails to match the returned "server2" certificate. But why use ProxyPreserveHost in the first place if the backend really is "server2"? I'd suggest to leave ProxyPreserveHost alone (i.e. default "off"), so that the "Host:" header is taken from the ProxyPass, or set "SSLProxyCheckPeerName off" if you don't want to verify the backend's CN (it can't match in your case). -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
