我试图使用Apache创建以下设置:
UserBrowser ----Client Certificate---> LoadBalancer (Apache 2.4)
then
LoadBalancer (Apache 2.4) ----LB Client Certificate ----> Apache 2.2 Web Server
因此,用户连接到负载均衡器并提供客户端证书 - 这可以正常工作 .
然后,反向代理使负载均衡器连接到Web服务器,Web服务器从Load Balancer请求证书,我收到以下错误:
Proxy client certificate callback: (0.0.0.0:443) entered
Proxy client certificate callback: (0.0.0.0:443) downstream server wanted client certificate but none are configured
[remote 0.0.0.1:443] SSL Proxy connect failed
[ssl:info] SSL Library Error: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (SSL alert number 40)
[ssl:info] [remote 0.0.0.1:443] Connection closed to child 0 with abortive shutdown (server 0.0.0.0:443)
[ssl:info] [remote 0.0.0.1:443] SSL handshake failed: sending 502
负载均衡器配置:
SSLProxyEngine on
ProxyRequests off
ProxyPreserveHost on
Proxytimeout 600
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyMachineCertificateFile "/path/to/keyandcert.pem"
Web服务器配置:
SSLVerifyClient require
如果我从Web服务器中删除SSLVerifyClient,则此方案有效,然后流量负载 balancer . 我需要在User-LB和LB-WS之间进行客户端验证 .
Keys Certs使用1024位长模数生成
任何人都可以提供对这里可能出现的问题的见解吗?