Hi all,

I am trying to connect an httpd reverse proxy to a backend tomcat, and have 
this particular hop protected by a client certificate.

The error I get is:

[Sat Jan 05 14:02:54.252552 2019] [ssl:warn] [pid 16448:tid 139929388369664] 
AH02268: Proxy client certificate callback: (jira.example.com:443) downstream 
server wanted client certificate but none are configured

Ok, so httpd is telling me that the tomcat has requested a client certificate 
(entirely true) but httpd is not configured with a client certificate.

Except httpd is configured with a client certificate, as follows:

    SSLProxyEngine on
    SSLProxyMachineCertificateFile /etc/pki/httpd/client.cert
    SSLProxyMachineCertificateChainFile /etc/pki/httpd/client.chain
    SSLProxyCACertificateFile /etc/pki/httpd/client-ca.crt
    SSLProxyVerify require
    SSLProxyVerifyDepth 3

Does this functionality work in httpd v2.4.35, or is it configured incorrectly?

(As soon as I can get this working, I would like to fix our docs to be clear 
how to do this)


Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to