0

I have a user who can't get to my web site hosted on AWS EC2. This user is behind a corporate proxy server, and when they enter my URL, they get a "The proxy server isn't responding" message in IE and my Apache logs show HTTP 408 results from their IP address.

The site requires SSL client certificates. It's an Apache HTTP server.

Other users are able to get to the web site just fine, and the user behind the proxy server is able to access other sites that require SSL client certificates.

Is there anything I can do to debug this from my end? If I can avoid it, I'd rather not have to make him chase down the issue on his end.

Charles
  • If you know the IP they will be connecting from, you can perform a packet capture and analyze things. It's highly unlikely that will give any insights, though. The user is going to need to engage with the admins of the proxy. – EEAA Sep 10 '15 at 22:58

1 Answer

0

If the server cannot validate the client certificate, the handshake will stop and abort the connection.

A reason for this can be that the client certificate was signed by a CA that your server doesn't know about. Your Apache server should have an SSLCACertificateFile entry pointing to a file that contains all CA certificates in the client certificate CA chain.

Other reasons can be that no client certificate is being sent, that the client certificate doesn't have the correct corresponding private (secret) key installed on the client side, or that it is revoked, has expired, etc.

anneb
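A server-side check for two of the causes listed in the answer above (unknown issuing CA, expired certificate), as an added example that is not part of the original answer: given a copy of the user's client certificate (public part only), it tests the certificate against the same CA bundle that SSLCACertificateFile names. The function names, file names and the `make_fixtures` helper are assumptions, and the certificates that helper generates are constructed throwaway test material.

```shell
# Added example. check_client_cert CA_BUNDLE CLIENT_CERT
#   CA_BUNDLE   the PEM file that SSLCACertificateFile points to
#   CLIENT_CERT the user's certificate in PEM form (no private key needed)
# Returns 0 if the certificate is currently valid and chains to the bundle,
# 1 if the file cannot be parsed as a certificate, 2 if it has expired,
# 3 if verification against the bundle fails (openssl prints the reason,
# e.g. an issuer that is not in the bundle).
check_client_cert() {
    local ca_bundle="$1" client_cert="$2"
    # Print subject, issuer and expiry so the issuer can be compared by eye
    # with the CA subjects in the bundle.
    openssl x509 -in "$client_cert" -noout -subject -issuer -enddate >&2 || return 1
    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$client_cert" -noout -checkend 0 >/dev/null || return 2
    # Trust only the bundle: -no-CApath keeps the system CA directory out of
    # the decision (flag available in OpenSSL 1.1.0 and later).
    openssl verify -no-CApath -CAfile "$ca_bundle" "$client_cert" >&2 || return 3
    return 0
}

# make_fixtures DIR (hypothetical helper): creates constructed test material,
# two throwaway CAs ("known", "unknown") and one client certificate from each.
make_fixtures() {
    local d="$1" name
    for name in known unknown; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=Constructed $name CA" \
            -keyout "$d/$name-ca.key" -out "$d/$name-ca.pem" 2>/dev/null
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/CN=constructed-$name-user" \
            -keyout "$d/$name-client.key" -out "$d/$name-client.csr" 2>/dev/null
        openssl x509 -req -in "$d/$name-client.csr" -days 1 \
            -CA "$d/$name-ca.pem" -CAkey "$d/$name-ca.key" -CAcreateserial \
            -out "$d/$name-client.pem" 2>/dev/null
    done
}
```

If the chain includes intermediate CAs, they must be in the bundle as well for the check to pass, which matches the requirement the answer states for SSLCACertificateFile.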