Thank you Eric, I’ve added below values and I see below error message in logs.
[Sun Feb 11 18:26:32.055662 2018] [ssl:error] [pid 43131:tid 140388278904576] [remote XXXXX:xxx] AH02039: Certificate Verification: Error (19): self signed certificate in certificate chain [Sun Feb 11 18:26:32.055896 2018] [proxy_http:error] [pid 43131:tid 140388278904576] (103)Software caused connection abort: [client XXXXX:XXX] AH01102: error reading status line from remote server XXXX:xxx [Sun Feb 11 18:26:32.055921 2018] [proxy:error] [pid 43131:tid 140388278904576] [client 10.246.8.176:27615] AH00898: Error reading from remote server returned by /xxxx Values Added :: SSLProxyEngine on SSLProxyCACertificateFile /tmp/was.crt SSLProxyVerify require SSLProxyVerifyDepth 2 /tmp/was.crt was created as below. Extracted root certificate from WAS. Converted .cer file to crt using below command. openssl x509 -inform PEM -in was.cer -out was.crt Warm Regards, Naveen Kumar Reddy N IBM Middleware WAS-MQ Tower Lead ( WalMart ) Toll Free Number - 866-912-0282(B),855-755-9356(H) Mail: nkna...@wal-mart.com<mailto:nkna...@wal-mart.com> SLACK Channel:: middleware_l2 [cid:image001.jpg@01D26CB2.5110A6F0] Middleware ServiceNow Service Catalog Task Policy:: https://collaboration.wal-mart.com/display/IPSMW/Service+Now+Service+Task+Catalog+Policy Middleware ServiceNow Change Control Policy :: https://collaboration.wal-mart.com/display/IPSMW/Change+Control+Policy Middleware Customer Page:: https://teams.wal-mart.com/sites/Middleware/Customers/Pages/default.aspx From: Eric Covener [mailto:cove...@gmail.com] Sent: Sunday, February 11, 2018 12:54 PM To: users@httpd.apache.org Subject: EXT: Re: [users@httpd] Mutual authentication between Apache HTTP server and an application server. On Sun, Feb 11, 2018 at 1:50 PM, Naveen Nandyala - Vendor <naveen.nandy...@walmart.com<mailto:naveen.nandy...@walmart.com>> wrote: Yep, I’m looking for trust between my webserver and Appserver w/o client authentication. I’m not worried about trust between my web browser and webserver as I’m not looking for that now. That's just https://httpd.apache.org/docs/2.4/en/mod/mod_ssl.html#sslproxycacertificatefile pointing to the CA that signed your application server certs. Emphasis on the "proxy" in these directive names for the backside connection.