When Apache is configured as a proxy there are 2 separate HTTP(S) connections:
- one from the HTTP client to your Apache
- one from your Apache to some other server
The client of the first connection has no direct way to know your Apache is working as a proxy, nor where it connects exactly.
Both connections coexist more or less at the same time.
It is completely the opposite of an HTTP redirect, where the client gets the new URL and hence does in fact 2 connections but one after the other.
Hence:
I want to hide this fact from my users.
This is implied by using Apache as a proxy.
They must not be required to provide a client certificate.
They won't except if your Apache is configured to ask for a client certificate for the path covered by your configuration above.
Instead, I would like Apache to use a certificate that's stored on the server.
Everything related to TLS is under control of mod_ssl whose documentation is at
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
You will there be mostly interested by SSLProxyMachineCertificateFile and its surroundings as it is described in that way:
This directive sets the all-in-one file where you keep the certificates and keys used for authentication of the proxy server to remote servers.
Note the contexts where it can appear: global server, virtual host or proxy directive (hence you can not put it directly in your Location block)
So you will need to add something like:
<Proxy "https://thirdparty.example:2345/foo/*">
SSLProxyMachineCertificateFile /some/path
</Proxy>
