Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Httpd proxy on AIX: failed to connect SSL
Special Forums IP Networking Proxy Server Httpd proxy on AIX: failed to connect SSL Post 303042274 by trifo75 on Friday 20th of December 2019 04:05:21 AM
Old 12-20-2019
Httpd proxy on AIX: failed to connect SSL
Hi,

I am trying to migrate a quite old proxy server with Apache httpd, running on AIX
The scenario is that my server accepts connections on http and proxies them to an SSL backend. This is done in a ProxyPass statement, as follows:
Code:
ProxyPass /myservice/my-ws https://mybackend.mycompany.com/app/myservice

When I try to access this service, I get an internal server error and there is an entry in the error log:
Code:
[Fri Dec 20 08:51:53.194111 2019] [proxy:error] [pid 20250630:tid 6683] AH00961: HTTPS: failed to enable ssl support for 10.148.0.139:443 (mybackend.mycompany.com)

The httpd version is 2.4.39 (perzl.org), running on AIX 7.1
I suspect that I would need to install CA certificates to be able to establish SSL connection, however the default value for SSLVerifyCert is none.

Tried to set the logging to higher value, but no relevant info came up (LogLevel was set from warn to debug). Is there a way to produce some more detailed log on this type of ssl handshake?

Thanks,
--Trifo
 

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

How to connect to FTP server which requires SSL authentication?

Hello, I tried searching through lot of threads for a solution but couldn't fetch the exact solution, so I am creating a new thread. I am trying to connect to a FTP server 1) using a simple FTP command, it gives the error : 534 Policy requires SSL. Login failed. 2) using SFTP... (19 Replies)
Discussion started by: amitshete
19 Replies

2. AIX

AIX Remote Connect Fail With “No more multiple IP addresses to connect” Error

We have a production server at a client site running AIX. And recently when users are trying to connect to it via telnet, it prompts "No more multiple IP addresses to connect". Can I know what does this error mean? and how to rectify this? Thanks. (2 Replies)
Discussion started by: a_sim
2 Replies

3. Web Development

Apache proxy for web app with ssl

I have a ubuntu server running subsonic as a web app. Currently the web interface is available from port 4040 for https connections and 4141 for https connections with the context /subsonic as follows: http://mydomain:4040/subsonic https://mydomain:4141/subsonic I would like to loose the port... (0 Replies)
Discussion started by: barrydocks
0 Replies

4. Web Development

Http connect to proxy to websockets

I am having a hard time with this one. We have a websocket server listening on port 80 at myserver.com/wsDemo?ID=12. We need to test a client program by connecting it to this server through a proxy. I am trying nginx 1.2.7 as the proxy on port 8080, running on proxy-server. We want the client to... (1 Reply)
Discussion started by: glev2005
1 Replies

5. Web Development

Httpd proxy with mod_jk,ssl only on login page using .htacess

Hi all, I have a web app with the following pages, browse.jsp and shopping.jsp. I want to protect shopping.jsp with https. (https is only between browser and apache httpd server.)The https for the shopping.jsp page will terminate at the web server. From web server to tomcat application server... (0 Replies)
Discussion started by: new2ss
0 Replies

6. Programming

Failed SSL Connection Attempt

The below error message I started seeing using Ubuntu 14.04 and was wondering if the forum has seen it because I cant seem much on the net for this: perl -e 'use IO::Socket::SSL qw(debug3);IO::Socket::SSL->new(PeerAddr=>"10.0.0.100",PeerPort=> 443,Proto=>"TCP") or die $!' DEBUG:... (1 Reply)
Discussion started by: metallica1973
1 Replies

7. Red Hat

Proxy tunneling failed: ForbiddenUnable to establish SSL connection.

Tryied both ways curl and wget wget --no-check-certificate https://mysitet.it:61617 --2017-05-05 17:29:02-- https://mysitet.it:61617/ Connecting to myproxy:8080... connected. Proxy tunneling failed: ForbiddenUnable to establish SSL connection. curl https://mysite.it:61617 curl: (56)... (3 Replies)
Discussion started by: charli1
3 Replies

LEARN ABOUT DEBIAN

proxytunnel

PROXYTUNNEL(1)						      General Commands Manual						    PROXYTUNNEL(1)

NAME

       proxytunnel - program to tunnel a connection throught an standard HTTPS proxy.

SYNOPSIS

       proxytunnel [options]

DESCRIPTION

       This manual page documents the proxytunnel command.

       proxytunnel is a program that open a tunnel through a HTTPS proxy.

OPTIONS

       This program follow the usual GNU command line syntax, with long options starting with two dashes (`-').

       -h, --help
	      Print help and exit.

       -V, --version
	      Print the version of the program and exit.

       -i, --inetd
	      Run from inetd. Default is off.

       -a PORT, --standalone=PORT
	      Run as standalone daemon on specified port.

       -p host:port, --proxy=host:port
	      The local HTTPS proxy host:port combo to connect to.

       -r host:port, --remproxy=host:port
	      The second-level (remote) proxy host:port to connect to when using two proxies.

       -d host:port, --dest=host:port
	      The destination host:port to built the tunnel to.

       -e, --encrypt
	      Encrypt the data between the local proxy and the destination using SSL.

       -E, --encrypt-proxy
	      Encrypt the data between the client and the local proxy using SSL.

       -B, --buggy-encrypt-proxy
	      Encrypt  the  data  between  the	client and the local proxy using SSL, but stop using SSL immediately after the CONNECT exchange to
	      workaround server bugs.  (Might not work on all setups; see /usr/share/doc/proxytunnel/README.Debian.gz for more details.)

       -X, --encrypt-remproxy
	      Encrypt the data between the local proxy and the second-level proxy using SSL.

       -F STRING, --passfile=STRING
	      The file containing Username & Password to send to HTTPS proxy for authentification.  This file uses the same format as .wgetrc, and
	      so  can use the credentials in common with wget.	This option can be used to at least hide the password from anyone clever enough to
	      use the `ps' command.

       -P user:pass, --proxyauth=user:pass
	      The credentials to use for local HTTP(S) proxy authentication.

       -R user:pass, --remproxyauth=user:pass
	      The credentials to use for remote HTTP(S) proxy authentication.

       -N, --ntlm
	      Use NTLM-based authentication.

       -t DOMAIN, --domain=DOMAIN
	      The NTLM domain to use, default is to autodetect.

       -H STRING, --header=STRING
	      Additional HTTP headers to send to the proxy.

       -x STRING, --proctitle=STRING
	      Use a different process title.

       -v, --verbose
	      Turn on verbosity. Default is off.

       -q, --quiet
	      Suppress messages. Default is off.

NOTES

       To use this program with OpenSSH to connect to a host somewhere, create a $HOME/.ssh/config file with the following content:

       Host foobar
	    ProtocolKeepAlives 30
	    ProxyCommand /usr/bin/proxytunnel -p proxy.customer.com:8080
	       -P user:password -d mybox.athome.nl:443

       If your proxy doesn't require the username and password for using it, you can skip these options.

       If you want to run proxytunnel from inetd add the '--inetd' option.

       Most HTTPS proxies do not allow access to ports other than 443 (HTTPS) and 563 (SNEWS), so some hacking is necessary to start the SSH  dae-
       mon on the required port. (On the server side add an extra Port statement in the sshd_config file)

AUTHOR

       This  manual  page was written by Loic Le Guyader <loic.leguyader@laposte.net> and updated by Julian Gilbey <jdg@debian.org> for the Debian
       GNU/Linux system (but may be used by others).

								  August 30, 2009						    PROXYTUNNEL(1)
All times are GMT -4. The time now is 01:17 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy