Hi Yann,

        Earlier I've downloaded Websphere Server  Root certificate in Base-64 
format. So I was using inform as pem as DER is not working.

Not I've downloaded in DER format and ran below command that you gave. After 
restarting my apache and when I try to access url I see below error.

[Mon Feb 12 07:22:12.631833 2018] [ssl:warn] [pid 21729:tid 139998669920000] 
AH02268: Proxy client certificate callback: (Virtual:443) downstream server 
wanted client certificate but none are configured
[Mon Feb 12 07:22:12.644376 2018] [proxy_http:error] [pid 21729:tid 
139998669920000] (103)Software caused connection abort: [client] AH01102: error reading status line from remote server 
[Mon Feb 12 07:22:12.644411 2018] [proxy:error] [pid 21729:tid 139998669920000] 
[client] AH00898: Error reading from remote server returned 
by /URI

Was wondering if Apache(Client) don't connect to Websphere (Server) if 
Websphere uses a Self-signed certificate?

Warm Regards, 
Naveen Kumar Reddy N

-----Original Message-----
From: Yann Ylavic [mailto:ylavic....@gmail.com] 
Sent: Monday, February 12, 2018 2:31 AM
To: users@httpd.apache.org
Subject: EXT: Re: [users@httpd] Mutual authentication between Apache HTTP 
server and an application server.


On Mon, Feb 12, 2018 at 1:30 AM, Naveen Nandyala - Vendor 
<naveen.nandy...@walmart.com> wrote:
> /tmp/was.crt was created as below.
> Extracted root certificate from WAS.
> Converted .cer file to crt using below command.
> openssl x509 -inform PEM -in was.cer -out was.crt

Isn't "was.cer" rather in DER format? The above command is a no-op, and you 
probably want PEM for the certificate used on the proxy, so maybe :
$ openssl x509 -inform DER -in was.cer -outform PEM -out was.crt ?


To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to