Strange error after upgrading from Apache 2.2.25 to 2.2.27 (and upgrading from FreeBSD9 to FreeBSD10)

Rainer Duffner rainer at ultra-secure.de
Mon Jun 16 14:03:50 UTC 2014


Hi,


I have a system that does the following:

SSLProxyEngine on
SSLProxyMachineCertificateFile /usr/local/etc/apache/ssl.crt/DocboxTestProxyClientKeyCert.crt
SSLProxyCACertificateFile /usr/local/etc/apache/ssl.crt/ProxyTest_RedAndPurpleCA.crt
SSLProxyVerify require 
SSLProxyVerifyDepth 1


This configuration worked with FreeBSD9, apache-2.2.25.

However, after the upgrade to FreeBSD10 and apache-2.2.27, I get:


[Fri Jun 13 17:37:16 2014] [debug] ssl_engine_init.c(696): Configuring client authentication
[Fri Jun 13 17:37:16 2014] [debug] ssl_engine_init.c(1414): CA certificate: /C=CH/ST=ZH/L=Zuerich/O=H-Net AG, Ingbk/OU=Swiss Medical Suite Docbox Forwarder Test Facility/CN=SMS Docbox Proxy Test Certification Authority/emailAddress=info.swissmedicalsuite.docbox.proxy.ch
[Fri Jun 13 17:37:16 2014] [debug] ssl_engine_init.c(1414): CA certificate: /C=CH/ST=ZH/L=Zuerich/O=H-Net AG/OU=H-Net Secure Operations/CN=ihe.h-net.ch/emailAddress=ihe at h-net.ch
incomplete client cert configured for SSL proxy (missing or encrypted private key?)


I'm a bit puzzled by this, because I don't see any obvious error.

openssl verify -CAfile /usr/local/etc/apache/ssl.crt/ProxyTest_RedAndPurpleCA.crt /usr/local/etc/apache/ssl.crt/DocboxTestProxyClientKeyCert.crt
/usr/local/etc/apache/ssl.crt/DocboxTestProxyClientKeyCert.crt: OK

They seem to match...



Can anybody share some insight?

I know it's this part that is problematic, because if I comment out
this section (and a similar section in another config file that uses
the same syntax), apache starts again.



Rainer
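
The error text above names two conditions, a missing or an encrypted private key, and openssl verify tests only the certificate chain, not either of those. As an added example (not part of the original post), a header-level check of a PEM bundle for both conditions; the function names and the constructed sample files are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: header-level check of a PEM
# bundle such as the one named in SSLProxyMachineCertificateFile.
# Prints one status word; exit status is 0 only for "ok".
check_proxy_pem() {
    f=$1
    [ -r "$f" ] || { echo unreadable; return 2; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo no-certificate; return 1; }
    # PKCS#8 encrypted key, or a traditional key carrying an encryption header
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f" ||
       grep -q -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo encrypted-key; return 1
    fi
    grep -Eq -e '-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' "$f" ||
        { echo no-private-key; return 1; }
    echo ok
}

# Constructed sample files: PEM-shaped text with placeholder bodies (hypothetical helper).
make_sample() {   # usage: make_sample <kind> <path>
    body='Q09OU1RSVUNURUQ='
    {
        printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----'
        case $1 in
            plain) printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' "$body" \
                       '-----END RSA PRIVATE KEY-----' ;;
            legacy-enc) printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
                       'Proc-Type: 4,ENCRYPTED' 'DEK-Info: AES-256-CBC,00' '' "$body" \
                       '-----END RSA PRIVATE KEY-----' ;;
            pkcs8-enc) printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$body" \
                       '-----END ENCRYPTED PRIVATE KEY-----' ;;
            cert-only) ;;
        esac
    } > "$2"
}

tmp=$(mktemp -d)
for kind in plain legacy-enc pkcs8-enc cert-only; do
    make_sample "$kind" "$tmp/$kind.pem"
    status=$(check_proxy_pem "$tmp/$kind.pem") || true
    echo "$kind: $status"
done
rm -rf "$tmp"
```

A result of "ok" only shows that a certificate block and an unencrypted key block are present; it does not confirm that the key belongs to the certificate.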

