0

I need to create an IHS reverse proxy that takes https://server1:6883 and proxies it to https://server2:6883, but unlike other ServerFault questions, the initial connection needs to be https not http. I have the following...

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Listen 6883
<VirtualHost *:6883>
SSLEnable

SSLProxyEngine On
KeyFile /opt/IBM/HTTPServer/cert/wlpkey.kdb
ProxyPass / https://server2:6883/
</VirtualHost>

but error_log says: SSL0227E: SSL Handshake Failed, Specified label could not be found in the key file. Label='(null)'

I suspect the problem is that I need two KeyFiles: one for proxy recipient and one to enable SSL/TLS.

mellow-yellow
  • 431
  • 5
  • 14

1 Answers1

0

Assuming your certificate database has the needed certificate you need another directive called SSLServerCErt to tell the SSL virtualhost which certificate it must use for the SSL handshake, for example:

SSLServerCert server1.example.com

where server1.example.com is the label and the CN of the certificate you have in the keystorage database. Note you need the complete set of certificate, that is, the equivalent of a p12, a private key, a signed certificate and the CA chain.

Also, always add ServerName, specially if you have more than one single virtualhost, it is a good practice nevertheless.

ServerName server1.example.com
ezra-s
  • 2,215
  • 1
  • 7
  • 13