Bug 1029787
Summary: | proxy setup not working with mod_ssl | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Kaleem <ksiddiqu> | ||||
Component: | doc-Migration_Planning_Guide | Assignee: | Laura Bailey <lbailey> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | ecs-bugs | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 7.0 | CC: | jgalipea, jorton, ksiddiqu, lmiksik, mharmsen, nsoman, rcritten | ||||
Target Milestone: | rc | Keywords: | Documentation, Reopened | ||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-03-09 12:11:39 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Kaleem
2013-11-13 08:33:59 UTC
This is probably the relevant error: [Wed Nov 13 13:50:10.048409 2013] [ssl:info] [pid 27219] [remote ::1:10443] AH02411: SSL Proxy: Peer certificate does not match for hostname localhost Either set "SSLProxyVerify off" or use SSLProxyMachineCertificateFile to trust the CA which signs the backend server's certificate. http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxyverify http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxymachinecertificatefile Please let us know if that doesn't work. I did tried above parameters which did not worked. But when i changed the "localhost" string with "hostname of machine" in ssl_proxy.conf, it works now. ssl_proxy.conf with "localhost" worked on RHEL-6.5 but not working on RHEL-7.0. I think this behaviour change for ssl_proxy.conf should be documented. Sorry... it is "SSLProxyCheckPeerName on" which should fix this, my mistake. http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxycheckpeername Yes it should go into the migration guide. reopening the bug and targeting Documenation This bug was not in the correct component and did not come to my attention until after work for RHEL 7.0 was already complete. I've moved it to the correct component and added a flag to propose this change for the RHEL 7.1 documentation. Hopefully this is not too great an inconvenience. Cheers, Laura B |