RewriteProxy over SSL

[JoelGray Profile]

Hi, I'm having trouble getting a proxy to work with SSL. The certificate on the destination server is from a trusted CA (Network Solutions). I've read a few different threads but to no avail so far. I keep getting a 500 Internal Server Error and I'm at a loss.

I have tried installing the certificate from the destination server in my server (Local Computer) store under Trusted Root Certification Authorities, Intermediate Certification Authorities and even under Trusted Publishes but I get the 500 error every time.

I have verified that the certificate is installed on the destination server correctly and that if I go to it in a browser it works with no warnings. I've examined the certificate and the certificate chain is properly returned as well. Here is my configuration, I have made it as simple as possible at this point. (note, hostnames and IP's have been changed for security purposes)

Code: Select all

RewriteProxy ^/bookings(.*)$ https://mysite.example.com$1 [H,NC]

It should be noted that if I change it from https to http this works so I'm fairly certain that the syntax is generall correct. There's nothing in the error log other than startup messages. When I crank up the logging to 9 and debug levels here is what I get in my rewrite log file

Code: Select all

1.1.1.1 1.1.1.1  Wed, 23-Oct-2013  14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (2) init rewrite engine with requested uri /bookings/purchase.php?product=30
1.1.1.1 1.1.1.1  Wed, 23-Oct-2013  14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (1) Htaccess process request C:\Program Files\Helicon\ISAPI_Rewrite3\httpd.conf
1.1.1.1 1.1.1.1  Wed, 23-Oct-2013  14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (3) applying pattern '^/httpd(?:\.ini|\.parse\.errors).*$' to uri '/bookings/purchase.php'
1.1.1.1 1.1.1.1  Wed, 23-Oct-2013  14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (3) applying pattern '^(.*)/eurl.axd/[a-f0-9]{32}(.*)$' to uri '/bookings/purchase.php?product=30'
1.1.1.1 1.1.1.1  Wed, 23-Oct-2013  14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (3) applying pattern '(?i:/robots.txt.*)' to uri '/bookings/purchase.php'
1.1.1.1 1.1.1.1  Wed, 23-Oct-2013  14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (3) applying pattern '(?i:/robots.txt.*)' to uri '/bookings/purchase.php'
1.1.1.1 1.1.1.1  Wed, 23-Oct-2013  14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (3) applying pattern '(?i:/bvadmin(.*))' to uri '/bookings/purchase.php?product=30'
1.1.1.1 1.1.1.1  Wed, 23-Oct-2013  14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (1) Htaccess process request
1.1.1.1 1.1.1.1  Wed, 23-Oct-2013  14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (3) applying pattern '^/bookings(.*)$' to uri '/bookings/purchase.php'
1.1.1.1 1.1.1.1  Wed, 23-Oct-2013  14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (2) forcing proxy-throughput with https://mysite.example.com/purchase.php?product=30
1.1.1.1 1.1.1.1  Wed, 23-Oct-2013  14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (1) go-ahead with proxy request https://mysite.example.com/purchase.php?product=30 [OK]
1.1.1.1 1.1.1.1  Wed, 23-Oct-2013  14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (1) Rewrite URL to >> /bookings/purchase.phpx.rwhlp?p=18
1.1.1.1 1.1.1.1  Wed, 23-Oct-2013  14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (2) rewrite '/bookings/purchase.php' -> '/bookings/purchase.phpx.rwhlp?p=18'
1.1.1.1 1.1.1.1  Wed, 23-Oct-2013  14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (2) internal redirect with /bookings/purchase.phpx.rwhlp?p=18 [INTERNAL REDIRECT]


Any help would be greatly appreciated. We're striving to launch with this soon and this is a major hold up.

Thanks in advance
-Joel

[Anton]

Hello,

Please try to remove the H flag.
And un-tick the Suppress Errors option in Proxy settings to see the error message behind 500 error.

[JoelGray Profile]

Hi Anton, thanks for the response.

Both with and without the H I receive this message after changing SupressErrors to off

Code: Select all

Error in ISAPI_Rewrite helper ISAPI extension.
12175 - A security error occurred
File: .\AsyncProxyContext.cpp, Line: 1093.
Intrenal Error

[Anton]

Hello,

MSDN says the following about this error:

ERROR_WINHTTP_SECURE_FAILURE
12175
One or more errors were found in the Secure Sockets Layer (SSL) certificate sent by the server. To determine what type of error was encountered, check for a WINHTTP_CALLBACK_STATUS_SECURE_FAILURE notification in a status callback function. For more information, see WINHTTP_STATUS_CALLBACK.

So, you need to check how your certificate is configured, as it has nothing to do with ISAPI_Rewrite.

[Anton]

One more thing:
on server with ISAPI_Rewrite run Internet Explorer go to Trusted Certificates dialog and add your certificate there (if it hasn't been done yet).

[JoelGray Profile]

Hi Anton,

I finally was able to get this done correctly. Adding the certificate in Internet Explorer does not do anything for the proxy as that is added to the user store that one is logged on as. What got it to work was to add the certificate to the Trusted Certificate Authorities store for the local computer account.

Thanks for your help!