:~# curl http://proxy.localhorst.org
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Proxy Error</title>
</head><body>
<h1>Proxy Error</h1>
The proxy server could not handle the request<p>Reason: <strong>Error during SSL Handshake with remote server</strong></p><p />
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at proxy.localhorst.org Port 80</address>
</body></html>
hi sergio,
maybe i have a solution with selfsign.
over all i recreate the apache packages with the new version 2.4.41-4ubuntu3.3 and use only the patch with the two rows involved.
then i found a description to create a rootCA with ocsp inside
https://raymii.org/s/tutorials/OpenSSL_command_line_Root_and_Intermediate_CA_including_OCSP_CRL%20and_revocation.html
i copy and paste it straight forward and got the files
enduser-example.com.key
enduser-example.com.crt
enduser-example.com.chain
and in the cert is an ocsp uri
:~# openssl x509 -in enduser-example.com.crt -noout -ocsp_uri
http://pki.sparklingca.com/ocsp/
http://pki.backup.com/ocsp/
at that point these ocsp responders do not exist.
i reconfigure the apache from above with that selfsign cert
:~# vim /etc/apache2-own/sites-available/own.conf
<VirtualHost 127.0.0.2:443>
ServerName own.localhorst.org
SSLEngine On
SSLCertificateFile /etc/apache2-own/ssl/enduser-example.com.crt
SSLCertificateChainFile /etc/apache2-own/ssl/enduser-example.com.chain
SSLCertificateKeyFile /etc/apache2-own/ssl/enduser-example.com.key
DocumentRoot /var/www/html-own
<Directory /var/www/html-own>
DirectoryIndex index.html
Options -Indexes
AllowOverride None
Require all granted
</Directory>
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/own_error.log
CustomLog ${APACHE_LOG_DIR}/own_access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
:~# vim /etc/apache2-proxy/sites-enabled/000-default.conf
<VirtualHost 127.0.0.1:80>
ServerName proxy.localhorst.org
ProxyPreserveHost Off
ProxyRequests Off
SSLProxyEngine On
SSLProxyVerify require
SSLProxyCheckPeerName On
SSLProxyCheckPeerExpire On
SSLProxyVerifyDepth 2
SSLProxyCACertificateFile /etc/apache2-own/ssl/enduser-example.com.chain
SSLProxyCipherSuite ECDHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-GCM-SHA384
SSLProxyProtocol -all +TLSv1.2
ProxyPass / https://own.localhorst.org/
LogLevel debug
CustomLog ${APACHE_LOG_DIR}/localhorst_access.log common
</VirtualHost>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
:~# curl http://proxy.localhorst.org
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Proxy Error</title>
</head><body>
<h1>Proxy Error</h1>
The proxy server could not handle the request<p>Reason: <strong>Error during SSL Handshake with remote server</strong></p><p />
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at proxy.localhorst.org Port 80</address>
</body></html>
:~# cat /var/log/apache2-proxy/error.log
[Fri Jul 02 15:59:51.503320 2021] [ssl:debug] [pid 61838:tid 140404689173568] ssl_engine_init.c(2060): AH02209: CA certificate: CN=Localhorst root CA,OU=local,O=ciss,L=Cologne,ST=NRW,C=DE
[Fri Jul 02 15:59:51.504788 2021] [ssl:debug] [pid 61838:tid 140404689173568] ssl_engine_init.c(2060): AH02209: CA certificate: OU=zzz,O=loca,C=DE,ST=NRW,CN=Localhorst intermediat CA
[Fri Jul 02 15:59:51.520258 2021] [ssl:debug] [pid 61839:tid 140404689173568] ssl_engine_init.c(2060): AH02209: CA certificate: CN=Localhorst root CA,OU=local,O=ciss,L=Cologne,ST=NRW,C=DE
[Fri Jul 02 15:59:51.520282 2021] [ssl:debug] [pid 61839:tid 140404689173568] ssl_engine_init.c(2060): AH02209: CA certificate: OU=zzz,O=loca,C=DE,ST=NRW,CN=Localhorst intermediat CA
[Fri Jul 02 15:59:51.521114 2021] [mpm_event:notice] [pid 61839:tid 140404689173568] AH00489: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Fri Jul 02 15:59:51.521138 2021] [core:notice] [pid 61839:tid 140404689173568] AH00094: Command line: '/usr/sbin/apache2 -d /etc/apache2-proxy'
[Fri Jul 02 15:59:51.527963 2021] [proxy:debug] [pid 61840:tid 140404689173568] proxy_util.c(1933): AH00925: initializing worker https://own.localhorst.org/ shared
[Fri Jul 02 15:59:51.527991 2021] [proxy:debug] [pid 61840:tid 140404689173568] proxy_util.c(1990): AH00927: initializing worker https://own.localhorst.org/ local
[Fri Jul 02 15:59:51.528002 2021] [proxy:debug] [pid 61840:tid 140404689173568] proxy_util.c(2024): AH00930: initialized pool in child 61840 for (own.localhorst.org) min=0 max=25 smax=25
[Fri Jul 02 15:59:51.528973 2021] [proxy:debug] [pid 61841:tid 140404689173568] proxy_util.c(1933): AH00925: initializing worker https://own.localhorst.org/ shared
[Fri Jul 02 15:59:51.529009 2021] [proxy:debug] [pid 61841:tid 140404689173568] proxy_util.c(1990): AH00927: initializing worker https://own.localhorst.org/ local
[Fri Jul 02 15:59:51.529067 2021] [proxy:debug] [pid 61841:tid 140404689173568] proxy_util.c(2024): AH00930: initialized pool in child 61841 for (own.localhorst.org) min=0 max=25 smax=25
[Fri Jul 02 15:59:58.640750 2021] [authz_core:debug] [pid 61840:tid 140404561278720] mod_authz_core.c(845): [client 127.0.0.1:48808] AH01628: authorization result: granted (no directives)
[Fri Jul 02 15:59:58.640838 2021] [proxy:debug] [pid 61840:tid 140404561278720] mod_proxy.c(1253): [client 127.0.0.1:48808] AH01143: Running scheme https handler (attempt 0)
[Fri Jul 02 15:59:58.640859 2021] [proxy:debug] [pid 61840:tid 140404561278720] proxy_util.c(2325): AH00942: HTTPS: has acquired connection for (own.localhorst.org)
[Fri Jul 02 15:59:58.640865 2021] [proxy:debug] [pid 61840:tid 140404561278720] proxy_util.c(2379): [client 127.0.0.1:48808] AH00944: connecting https://own.localhorst.org/ to own.localhorst.org:443
[Fri Jul 02 15:59:58.640995 2021] [proxy:debug] [pid 61840:tid 140404561278720] proxy_util.c(2588): [client 127.0.0.1:48808] AH00947: connected / to own.localhorst.org:443
[Fri Jul 02 15:59:58.641077 2021] [proxy:debug] [pid 61840:tid 140404561278720] proxy_util.c(3054): AH02824: HTTPS: connection established with 127.0.0.2:443 (own.localhorst.org)
[Fri Jul 02 15:59:58.641096 2021] [proxy:debug] [pid 61840:tid 140404561278720] proxy_util.c(3240): AH00962: HTTPS: connection complete to 127.0.0.2:443 (own.localhorst.org)
[Fri Jul 02 15:59:58.641103 2021] [ssl:info] [pid 61840:tid 140404561278720] [remote 127.0.0.2:443] AH01964: Connection to child 0 established (server proxy.localhorst.org:80)
[Fri Jul 02 15:59:58.654018 2021] [ssl:debug] [pid 61840:tid 140404561278720] ssl_engine_kernel.c(1764): [remote 127.0.0.2:443] AH02275: Certificate Verification, depth 2, CRL checking mode: none (0) [subject: CN=Localhorst root CA,OU=local,O=ciss,L=Cologne,ST=NRW,C=DE / issuer: CN=Localhorst root CA,OU=local,O=ciss,L=Cologne,ST=NRW,C=DE / serial: 1C45449239692242E4EB5F7124ECD2B1F404979B / notbefore: Jul 2 14:53:28 2021 GMT / notafter: Jul 2 14:53:28 2026 GMT]
[Fri Jul 02 15:59:58.654233 2021] [ssl:debug] [pid 61840:tid 140404561278720] ssl_engine_kernel.c(1764): [remote 127.0.0.2:443] AH02275: Certificate Verification, depth 1, CRL checking mode: none (0) [subject: OU=zzz,O=loca,C=DE,ST=NRW,CN=Localhorst intermediat CA / issuer: CN=Localhorst root CA,OU=local,O=ciss,L=Cologne,ST=NRW,C=DE / serial: 1000 / notbefore: Jul 2 14:56:01 2021 GMT / notafter: Jul 2 14:56:01 2023 GMT]
[Fri Jul 02 15:59:59.101482 2021] [ssl:error] [pid 61840:tid 140404561278720] (EAI 2)Name or service not known: [remote 127.0.0.2:443] AH01972: could not resolve address of OCSP responder pki.sparklingca.com
[Fri Jul 02 15:59:59.101790 2021] [ssl:info] [pid 61840:tid 140404561278720] [remote 127.0.0.2:443] AH02276: Certificate Verification: Error (50): application verification failure [subject: OU=zzz,O=loca,C=DE,ST=NRW,CN=Localhorst intermediat CA / issuer: CN=Localhorst root CA,OU=local,O=ciss,L=Cologne,ST=NRW,C=DE / serial: 1000 / notbefore: Jul 2 14:56:01 2021 GMT / notafter: Jul 2 14:56:01 2023 GMT]
[Fri Jul 02 15:59:59.102021 2021] [ssl:info] [pid 61840:tid 140404561278720] [remote 127.0.0.2:443] AH02003: SSL Proxy connect failed
[Fri Jul 02 15:59:59.102080 2021] [ssl:info] [pid 61840:tid 140404561278720] SSL Library Error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
[Fri Jul 02 15:59:59.102099 2021] [ssl:info] [pid 61840:tid 140404561278720] [remote 127.0.0.2:443] AH01998: Connection closed to child 0 with abortive shutdown (server proxy.localhorst.org:80)
[Fri Jul 02 15:59:59.102185 2021] [ssl:info] [pid 61840:tid 140404561278720] [remote 127.0.0.2:443] AH01997: SSL handshake failed: sending 502
[Fri Jul 02 15:59:59.102202 2021] [proxy:error] [pid 61840:tid 140404561278720] (20014)Internal error (specific information not available): [client 127.0.0.1:48808] AH01084: pass request body failed to 127.0.0.2:443 (own.localhorst.org)
[Fri Jul 02 15:59:59.102226 2021] [proxy:error] [pid 61840:tid 140404561278720] [client 127.0.0.1:48808] AH00898: Error during SSL Handshake with remote server returned by /
[Fri Jul 02 15:59:59.102239 2021] [proxy_http:error] [pid 61840:tid 140404561278720] [client 127.0.0.1:48808] AH01097: pass request body failed to 127.0.0.2:443 (own.localhorst.org) from 127.0.0.1 ()
[Fri Jul 02 15:59:59.102252 2021] [proxy:debug] [pid 61840:tid 140404561278720] proxy_util.c(2340): AH00943: HTTPS: has released connection for (own.localhorst.org)
- - - - - - - - - - - - - - - - - - - - - - - - -
install the patched apache
:~# dpkg -i apache2_2.4.41-4ubuntu3.3_amd64.deb apache2-bin_2.4.41-4ubuntu3.3_amd64.deb apache2-data_2.4.41-4ubuntu3.3_all.deb apache2-utils_2.4.41-4ubuntu3.3_amd64.deb
:~# systemctl restart <email address hidden>
:~# systemctl restart <email address hidden>
:~# curl http://proxy.localhorst.org
own
worked for me without an error
hopefully this will help to get some more clear.
regards horst
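
Added example (not part of the comment above, and not Apache project code): a small Python triage script that groups error-log lines by pid/tid and labels each AH00898 proxy handshake failure by what preceded it on the same thread, so a failure caused by an unresolvable OCSP responder (AH01972) is told apart from an ordinary chain-verification error. The first three sample lines are shortened from the log in the comment; the two `tid 999` lines are constructed.

```python
import re
from collections import defaultdict

# First three lines: shortened from the error log in the comment above.
# Last two lines (tid 999): constructed, to show an unrelated verify failure.
SAMPLE_LOG = """\
[Fri Jul 02 15:59:59.101482 2021] [ssl:error] [pid 61840:tid 140404561278720] (EAI 2)Name or service not known: [remote 127.0.0.2:443] AH01972: could not resolve address of OCSP responder pki.sparklingca.com
[Fri Jul 02 15:59:59.101790 2021] [ssl:info] [pid 61840:tid 140404561278720] [remote 127.0.0.2:443] AH02276: Certificate Verification: Error (50): application verification failure
[Fri Jul 02 15:59:59.102226 2021] [proxy:error] [pid 61840:tid 140404561278720] [client 127.0.0.1:48808] AH00898: Error during SSL Handshake with remote server returned by /
[Fri Jul 02 16:10:00.000001 2021] [ssl:info] [pid 61840:tid 999] [remote 127.0.0.2:443] AH02276: Certificate Verification: Error (20): unable to get local issuer certificate
[Fri Jul 02 16:10:00.000002 2021] [proxy:error] [pid 61840:tid 999] [client 127.0.0.1:48810] AH00898: Error during SSL Handshake with remote server returned by /
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<mod>\w+):(?P<lvl>\w+)\] "
    r"\[pid (?P<pid>\d+):tid (?P<tid>\d+)\] (?P<msg>.*)$")
OCSP_RE = re.compile(r"AH01972: could not resolve address of OCSP responder (\S+)")
VERIFY_RE = re.compile(r"AH02276: Certificate Verification: Error \((\d+)\): ([^\[]+)")

def triage(log_text):
    """Return one finding per AH00898 proxy handshake failure, per worker thread."""
    state = defaultdict(dict)   # (pid, tid) -> evidence seen since last failure
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key, msg = (m["pid"], m["tid"]), m["msg"]
        if (o := OCSP_RE.search(msg)):
            state[key]["ocsp_host"] = o.group(1)
        elif (v := VERIFY_RE.search(msg)):
            state[key]["verify"] = (int(v.group(1)), v.group(2).strip())
        elif "AH00898" in msg:
            ev = state.pop(key, {})
            cause = ("ocsp-responder-unresolvable" if "ocsp_host" in ev
                     else "certificate-verification" if "verify" in ev
                     else "unknown")
            findings.append({"ts": m["ts"], "cause": cause,
                             "ocsp_host": ev.get("ocsp_host"),
                             "verify": ev.get("verify")})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

The log needs at least `ssl:info` level for the AH02276 line to be present; AH01972 and AH00898 are logged at error level.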