apache with mod_ssl conection problem

2003-09-04 04:58:20

I just tried to set up a reverse proxy with apache in order to serve
a backend application server with SSL:

request schema:          (client)  -- https -->  (reverse proxy)   -- htpps -->
(application server )

client : IBM OS2 ,  ip :
reverse proxy server:  redhat 7.3, apache 2.0.47 mod_ssl  2.0.47 OpenSSL 0.9.7b,
application server:   NT 4.0, IBM WebSphere 5.0,  ip:
ssl communikation port: 9443

problem description:

The application server require a user authentification every 8 seconds (refresh
cycle for jsp-application).
After this time the session will be closed and the client browser wil restart
with the login page (start page).
In the application server log-file we have a loging entry like: "LOGIN failed".

Why the client authentification will be refused.
How can i store the session key ?.. or where is my fault ?

The parts of my httpd.conf that seem relevant look like:


<IfDefine SSL>
   Listen 9443
   AddType application/x-x509-ca-cert .crt
   AddType application/x-pkcs7-crl    .crl
   SSLPassPhraseDialog  builtin
   SSLSessionCache         dbm:/opt/apache2/logs/ssl_scache
   SSLSessionCacheTimeout  300
   SSLMutex  file:/opt/apache2/logs/ssl_mutex
   SSLRandomSeed startup builtin
   SSLRandomSeed connect builtin


### Section 3: Virtual Hosts
# Reverse Proxy Entry
<IfModule mod_proxy.c>
ErrorLog /opt/apache2/logs/ssl/ssl-error.log
CustomLog /opt/apache2/logs/ssl/secured_access.log "combined"

 ProxyRequests on
 SSLProxyEngine on
  ProxyPass             /
  ProxyPassReverse      /

  SSLEngine on
  SSLProxyProtocol all
  SSLCertificateFile /opt/apache2/conf/ssl.crt/server.crt
  SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server.key
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0
  LogLevel debug
# End of Reverse Proxy Entry

AddDefaultCharset Off
SSLEngine off

have someone a idea or a tip for me ?

i would be very pleased by some help.

Thank a lot

Diese E-Mail kann vertrauliche und/oder rechtlich geschützte
Informationen enthalten. Wenn Sie nicht der richtige Adressat sind
oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte
sofort den Absender und vernichten Sie diese Mail. Das unerlaubte
Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.

This e-mail may contain confidential and/or privileged information.
If you are not the intended recipient (or have received this e-mail
in error) please notify the sender immediately and destroy this e-mail.
Any unauthorized copying, disclosure or distribution of the material in
this e-mail is strictly forbidden.

To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the

<Prev in Thread] Current Thread [Next in Thread>
  • apache with mod_ssl conection problem, i . guenes <=