On Saturday 18 April 2020 at 16:35:30, mail mail wrote:
> I get error:
>
> Sat Apr 18 17:07:06.005494 2020] [ssl:emerg] [pid 16506:tid
> 139660538349440] AH02572: Failed to configure at least one certificate and
> key for portal.mydom.com:443
> [Sat Apr 18 17:07:06.005643 2020] [ssl:emerg] [pid 16506:tid
> 139660538349440] SSL Library Error: error:140A80B1:SSL
> routines:SSL_CTX_check_private_key:no certificate assigned
> And it is true. Those certificates are stored in 192.168.1.20

If you configure a machine *either* as an HTTPS proxy *or* as an HTTPS web
server, it needs to have the requested site's SSL certificate on it, otherwise
clients will refuse to connect, or the server will refuse to start.

HTTPS is a security mechanism between a client and the server it is connecting
to. The client knows nothing about what that server might do afterwards
(such as connecting on to another server, as a proxy does).

It's entirely feasible to have a web proxy accept HTTP connections and pass
the requests on as HTTPS, or vice versa. If both connections are HTTPS, then
the proxy needs a certificate for the site the client is asking to connect to,
and the proxy needs to trust the certificate presented by the ultimate origin
server (i.e. the "real" web server). Those certificates might both be the same
(in which case you probably need a pretty unusual DNS setup), but the basic
rule is that anything answering HTTPS requests has to have a valid certificate
for what is being requested.

Regards,

Antony.

--
Douglas was one of those writers who honourably failed to get anywhere with
'weekending'. It put a premium on people who could write things that lasted
thirty seconds, and Douglas was incapable of writing a single sentence that
lasted less than thirty seconds.
- Geoffrey Perkins, about Douglas Adams
Please reply to the list;
please *don't* CC me.
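
An added example, not part of the original message and not the poster's actual configuration: a reverse-proxy virtual host showing both certificate roles described in the reply above. The file paths, the CA bundle and the backend name `origin.internal.example` (assumed to resolve to 192.168.1.20) are hypothetical.

```apache
# Added example; paths and the backend hostname are assumptions.
<VirtualHost *:443>
    ServerName portal.mydom.com

    # Client-facing leg: this machine answers HTTPS for portal.mydom.com,
    # so the certificate and private key for that name must be present
    # locally. If they are missing, httpd refuses to start (AH02572).
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/portal.mydom.com.crt
    SSLCertificateKeyFile /etc/ssl/private/portal.mydom.com.key

    # Origin-facing leg: the proxy is a TLS client of the real web server
    # and has to trust the certificate that server presents.
    SSLProxyEngine on
    SSLProxyVerify require
    # CA (or the self-signed certificate) that issued the origin's cert.
    SSLProxyCACertificateFile /etc/ssl/certs/origin-ca.pem
    # Reject the origin if its certificate does not match the backend
    # hostname used in ProxyPass, or if it has expired.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    ProxyPass        / https://origin.internal.example/
    ProxyPassReverse / https://origin.internal.example/
</VirtualHost>
```

`apachectl configtest` checks the syntax before a restart; a missing certificate or key on the client-facing leg still surfaces as the AH02572 startup error quoted at the top of the thread.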