Apache 2.2 21 forward Proxy 2 way SSL

         

lowkh76

7:24 am on Oct 7, 2011 (gmt 0)


Hi All,

Currently, I am trying to implement a forward SSL proxy. The client will hit my Apache server, which in turn will hit an IIS server.

Scenario 1
client(weblogic)--*2 way SSL*--Apache(forward proxy)--*2 way SSL*-- IIS

If I were to implement 1 way SSL, I am able to see the content of the website.

client(weblogic) --- Apache(forward proxy) --- IIS

If I were to launch the web browser from the client machine (with the client certificate imported in the browser), I am able to view the content on the IIS server. But if I were to simulate the connection from the WebLogic server, it just gives me an end-of-file exception (response contains no data) in the logs.

Below is my configuration

Listen 8080

<VirtualHost _default_:8080>
    ServerName serverA
    ErrorLog "logs/ssl_error_log"
    CustomLog "logs/ssl_access_log" common
    SSLProxyEngine On
    SSLProxyMachineCertificateFile /certificate/servercert.cer
    SSLProxyCACertificateFile /certificate/rootCA.cer
    SSLProxyVerify require
    SSLProxyVerifyDepth 10

    ProxyRequests On
    ProxyVia On
    AllowConnect 12345
    <Proxy *>
        Order allow,deny
        Allow from all
    </Proxy>
</VirtualHost>

For 2 way SSL, will the client forward its client certificate to my Apache proxy server, and will Apache, on the client's behalf, forward the client certificate to the IIS server for authentication?

Or does the SSL authentication still happen between the client (WebLogic) and the end server (IIS), bypassing the proxy server?

Please help.
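
Added example, not part of the original post and not the poster's code: a small Python audit of the configuration above that reports which TLS leg its directives cover and whether the forward proxy accepts any caller. The function names and result keys are hypothetical; the config text is the post's, abridged.

```python
# Config text taken from the post above (log and depth lines omitted).
POSTED_CONF = """\
Listen 8080
<VirtualHost _default_:8080>
SSLProxyEngine On
SSLProxyMachineCertificateFile /certificate/servercert.cer
SSLProxyCACertificateFile /certificate/rootCA.cer
SSLProxyVerify require
ProxyRequests On
AllowConnect 12345
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
</VirtualHost>
"""

def parse(conf):
    """Yield (enclosing_sections, directive, args) for each directive line."""
    stack = []
    for line in map(str.strip, conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            stack.pop()
        elif line.startswith("<"):
            stack.append(line.strip("<>").lower())
        else:
            name, _, args = line.partition(" ")
            yield tuple(stack), name.lower(), args.strip().lower()

def audit(conf):
    """Report which TLS leg is configured and whether the proxy is open."""
    rows = list(parse(conf))
    first = lambda name: next((a for _, n, a in rows if n == name), None)
    # Unrestricted access: an allow-all rule directly inside <Proxy *>.
    allow_all = {("allow", "from all"), ("require", "all granted")}
    unrestricted = any(s and s[-1] == "proxy *" and (n, a) in allow_all
                       for s, n, a in rows)
    return {
        "open_forward_proxy": first("proxyrequests") == "on" and unrestricted,
        # Client -> Apache leg: mod_ssl server-side directives.
        "listener_tls": first("sslengine") == "on",
        "client_cert_required": first("sslverifyclient") == "require",
        # Apache -> origin leg: only used when Apache itself opens the TLS session.
        "proxy_presents_cert": first("sslproxymachinecertificatefile") is not None,
        # CONNECT tunnels to these ports carry the client's own TLS handshake
        # end to end; the SSLProxy* settings are not applied inside a tunnel.
        "connect_ports": (first("allowconnect") or "").split(),
    }
```

Run as `audit(POSTED_CONF)`, it reports an open forward proxy, no TLS or client-certificate requirement on the port 8080 listener, and port 12345 allowed for CONNECT.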