RewriteProxy over SSL
6 posts
• Page 1 of 1
RewriteProxy over SSL
Hi, I'm having trouble getting a proxy to work with SSL. The certificate on the destination server is from a trusted CA (Network Solutions). I've read a few different threads but to no avail so far. I keep getting a 500 Internal Server Error and I'm at a loss.
I have tried installing the certificate from the destination server in my server (Local Computer) store under Trusted Root Certification Authorities, Intermediate Certification Authorities and even under Trusted Publishes but I get the 500 error every time.
I have verified that the certificate is installed on the destination server correctly and that if I go to it in a browser it works with no warnings. I've examined the certificate and the certificate chain is properly returned as well. Here is my configuration, I have made it as simple as possible at this point. (note, hostnames and IP's have been changed for security purposes)
It should be noted that if I change it from https to http this works so I'm fairly certain that the syntax is generall correct. There's nothing in the error log other than startup messages. When I crank up the logging to 9 and debug levels here is what I get in my rewrite log file
Any help would be greatly appreciated. We're striving to launch with this soon and this is a major hold up.
Thanks in advance
-Joel
I have tried installing the certificate from the destination server in my server (Local Computer) store under Trusted Root Certification Authorities, Intermediate Certification Authorities and even under Trusted Publishes but I get the 500 error every time.
I have verified that the certificate is installed on the destination server correctly and that if I go to it in a browser it works with no warnings. I've examined the certificate and the certificate chain is properly returned as well. Here is my configuration, I have made it as simple as possible at this point. (note, hostnames and IP's have been changed for security purposes)
- Code: Select all
RewriteProxy ^/bookings(.*)$ https://mysite.example.com$1 [H,NC]
It should be noted that if I change it from https to http this works so I'm fairly certain that the syntax is generall correct. There's nothing in the error log other than startup messages. When I crank up the logging to 9 and debug levels here is what I get in my rewrite log file
- Code: Select all
1.1.1.1 1.1.1.1 Wed, 23-Oct-2013 14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (2) init rewrite engine with requested uri /bookings/purchase.php?product=30
1.1.1.1 1.1.1.1 Wed, 23-Oct-2013 14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (1) Htaccess process request C:\Program Files\Helicon\ISAPI_Rewrite3\httpd.conf
1.1.1.1 1.1.1.1 Wed, 23-Oct-2013 14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (3) applying pattern '^/httpd(?:\.ini|\.parse\.errors).*$' to uri '/bookings/purchase.php'
1.1.1.1 1.1.1.1 Wed, 23-Oct-2013 14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (3) applying pattern '^(.*)/eurl.axd/[a-f0-9]{32}(.*)$' to uri '/bookings/purchase.php?product=30'
1.1.1.1 1.1.1.1 Wed, 23-Oct-2013 14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (3) applying pattern '(?i:/robots.txt.*)' to uri '/bookings/purchase.php'
1.1.1.1 1.1.1.1 Wed, 23-Oct-2013 14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (3) applying pattern '(?i:/robots.txt.*)' to uri '/bookings/purchase.php'
1.1.1.1 1.1.1.1 Wed, 23-Oct-2013 14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (3) applying pattern '(?i:/bvadmin(.*))' to uri '/bookings/purchase.php?product=30'
1.1.1.1 1.1.1.1 Wed, 23-Oct-2013 14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (1) Htaccess process request
1.1.1.1 1.1.1.1 Wed, 23-Oct-2013 14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (3) applying pattern '^/bookings(.*)$' to uri '/bookings/purchase.php'
1.1.1.1 1.1.1.1 Wed, 23-Oct-2013 14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (2) forcing proxy-throughput with https://mysite.example.com/purchase.php?product=30
1.1.1.1 1.1.1.1 Wed, 23-Oct-2013 14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (1) go-ahead with proxy request https://mysite.example.com/purchase.php?product=30 [OK]
1.1.1.1 1.1.1.1 Wed, 23-Oct-2013 14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (1) Rewrite URL to >> /bookings/purchase.phpx.rwhlp?p=18
1.1.1.1 1.1.1.1 Wed, 23-Oct-2013 14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (2) rewrite '/bookings/purchase.php' -> '/bookings/purchase.phpx.rwhlp?p=18'
1.1.1.1 1.1.1.1 Wed, 23-Oct-2013 14:44:06 GMT [testsite.example.com/sid#650001747][rid#64917528/initial] (2) internal redirect with /bookings/purchase.phpx.rwhlp?p=18 [INTERNAL REDIRECT]
Any help would be greatly appreciated. We're striving to launch with this soon and this is a major hold up.
Thanks in advance
-Joel
Re: RewriteProxy over SSL
Hello,
Please try to remove the H flag.
And un-tick the Suppress Errors option in Proxy settings to see the error message behind 500 error.
Please try to remove the H flag.
And un-tick the Suppress Errors option in Proxy settings to see the error message behind 500 error.
Re: RewriteProxy over SSL
Hi Anton, thanks for the response.
Both with and without the H I receive this message after changing SupressErrors to off
Both with and without the H I receive this message after changing SupressErrors to off
- Code: Select all
Error in ISAPI_Rewrite helper ISAPI extension.
12175 - A security error occurred
File: .\AsyncProxyContext.cpp, Line: 1093.
Intrenal Error
Re: RewriteProxy over SSL
Hello,
MSDN says the following about this error:
ERROR_WINHTTP_SECURE_FAILURE
12175
One or more errors were found in the Secure Sockets Layer (SSL) certificate sent by the server. To determine what type of error was encountered, check for a WINHTTP_CALLBACK_STATUS_SECURE_FAILURE notification in a status callback function. For more information, see WINHTTP_STATUS_CALLBACK.
So, you need to check how your certificate is configured, as it has nothing to do with ISAPI_Rewrite.
MSDN says the following about this error:
ERROR_WINHTTP_SECURE_FAILURE
12175
One or more errors were found in the Secure Sockets Layer (SSL) certificate sent by the server. To determine what type of error was encountered, check for a WINHTTP_CALLBACK_STATUS_SECURE_FAILURE notification in a status callback function. For more information, see WINHTTP_STATUS_CALLBACK.
So, you need to check how your certificate is configured, as it has nothing to do with ISAPI_Rewrite.
Re: RewriteProxy over SSL
One more thing:
on server with ISAPI_Rewrite run Internet Explorer go to Trusted Certificates dialog and add your certificate there (if it hasn't been done yet).
on server with ISAPI_Rewrite run Internet Explorer go to Trusted Certificates dialog and add your certificate there (if it hasn't been done yet).
Re: RewriteProxy over SSL
Hi Anton,
I finally was able to get this done correctly. Adding the certificate in Internet Explorer does not do anything for the proxy as that is added to the user store that one is logged on as. What got it to work was to add the certificate to the Trusted Certificate Authorities store for the local computer account.
Thanks for your help!
I finally was able to get this done correctly. Adding the certificate in Internet Explorer does not do anything for the proxy as that is added to the user store that one is logged on as. What got it to work was to add the certificate to the Trusted Certificate Authorities store for the local computer account.
Thanks for your help!
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 9 guests