Hello! I need to set up a client certificate for authentication to a web service over TLS.
On the machine (OS openSUSE) CryptoPro CSP 3.6 is installed, and a client certificate linked to a key container is installed:
Issuer : CN=FCCLANDCS
Subject : 1.2.643.100.1="#120D31303237373339333436353032", 1.2.643.3.131.1.1="#120A37373031303138393232", E=4844@rosinv.rosreestr.ru, C=RU, L=Москва, O=ФГУП «Ростехинвентаризация – Федеральное БТИ», CN=Верещагин Дмитрий Борисович, T=Заместитель руководителя управления информационных технологий
Serial : 0xE91200000300C7BE631B
PrivateKey Link: Yes. Container: HDIMAGE\\a7529703.000\F504
In the Apache config I wrote the following:
...
LoadModule ssl_module /usr/lib64/httpd/modules/mod_digt_tls.so
LoadModule proxy_module /usr/lib64/apache2-prefork/mod_proxy.so
LoadModule proxy_http_module /usr/lib64/apache2-prefork/mod_proxy_http.so
...
ProxyPass /gostsock https://portal.rosreestr.ru:4433
ProxyPassReverse /gostsock https://portal.rosreestr.ru:4433
SSLProxyEngine on
SSLProxyCACertificateFile "/etc/apache2/ssl.crt/ca_cert.cer"
SSLProxyMachineCertificateFile "/opt/cprocsp/bin/amd64/dmitriy.cer"
Apache starts, but writes the following to the log:
[Wed Feb 20 15:05:33 2013] [info] Init: Initializing OpenSSL library
[Wed Feb 20 15:05:33 2013] [info] Init: Seeding PRNG with 0 bytes of entropy
[Wed Feb 20 15:05:33 2013] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Wed Feb 20 15:05:33 2013] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Wed Feb 20 15:05:33 2013] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Wed Feb 20 15:05:33 2013] [info] Init: Initializing (virtual) servers for SSL
[Wed Feb 20 15:05:33 2013] [debug] ssl_engine_init.c(507): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Wed Feb 20 15:05:33 2013] [debug] ssl_engine_init.c(649): Configuring client authentication
[Wed Feb 20 15:05:33 2013] [debug] ssl_engine_init.c(1295): CA certificate: /CN=FCCLANDCS
[Wed Feb 20 15:05:33 2013] [warn] no client certs found for SSL proxy
On connect the following messages appear:
...
[Wed Feb 20 11:35:11 2013] [debug] ssl_engine_kernel.c(1671): Proxy client certificate callback: (tpnew.rosinv.ru:80) entered
[Wed Feb 20 11:35:11 2013] [warn] Proxy client certificate callback: (tpnew.rosinv.ru:80) downstream server wanted client certificate but none are configured
...
[Wed Feb 20 11:35:11 2013] [info] [client 195.161.118.10] SSL Proxy connect failed
[Wed Feb 20 11:35:11 2013] [info] SSL Library Error: 336151568 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[Wed Feb 20 11:35:11 2013] [info] [client 195.161.118.10] Connection closed to child 0 with unclean shutdown (server tpnew.rosinv.ru:80)
[Wed Feb 20 11:35:11 2013] [error] (502)Unknown error 502: proxy: pass request body failed to 195.161.118.10:4433 (portal.rosreestr.ru)
[Wed Feb 20 11:35:11 2013] [error] [client 10.192.111.80] proxy: Error during SSL Handshake with remote server returned by /gostsock/cxf/External
[Wed Feb 20 11:35:11 2013] [error] proxy: pass request body failed to 195.161.118.10:4433 (portal.rosreestr.ru) from 10.192.111.80 ()
...
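An added diagnostic written for this thread, not part of the original post or of the Apache or CryptoPro projects: mod_ssl expects the file named by SSLProxyMachineCertificateFile to hold PEM certificates, each followed by its private key, so a bare .cer whose key stays in a CSP container (as the certmgr output above shows) produces "no client certs found for SSL proxy" at startup. The function below counts the PEM blocks in a candidate file and separates that case from a DER export; the path argument and the exit codes are this example's own conventions.

```shell
#!/bin/sh
# Sanity check for the file handed to SSLProxyMachineCertificateFile.
# mod_ssl reads that file as PEM and pairs each certificate with the
# private key that follows it; a DER export (.cer) or a PEM file with no
# key block yields "no client certs found for SSL proxy" at startup.
# Exit status (example convention): 0 = at least one cert plus a key,
# 1 = cert(s) but no key, 2 = unreadable, 3 = DER rather than PEM,
# 4 = no certificate block at all.
check_proxy_machine_cert() {
    f="$1"
    [ -r "$f" ] || { echo "unreadable: $f"; return 2; }
    # grep -c prints 0 and exits 1 when nothing matches; keep the count.
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" || true)
    keys=$(grep -c -E -e '-----BEGIN (RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY-----' "$f" || true)
    if [ "$certs" -eq 0 ]; then
        # A DER-encoded certificate starts with the ASN.1 SEQUENCE tag 0x30.
        first=$(dd if="$f" bs=1 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
        if [ "$first" = "30" ]; then
            echo "$f: DER-encoded, not PEM (convert with: openssl x509 -inform DER -in $f -out $f.pem)"
            return 3
        fi
        echo "$f: no PEM certificate block found"
        return 4
    fi
    if [ "$keys" -eq 0 ]; then
        echo "$f: $certs certificate(s) but no private key block;"
        echo "the key must be present in PEM form in this same file for mod_ssl to use it"
        return 1
    fi
    echo "$f: $certs certificate(s), $keys private key(s) - usable"
    return 0
}
```

Run it as `check_proxy_machine_cert /opt/cprocsp/bin/amd64/dmitriy.cer` to see which of the cases above the file in the config falls into.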