Skip to Content
0
May 24, 2016 at 07:41 AM

Unable to etablish a SSL Connection between Reverse Proxy and Back-End System

1010 Views

We have copied a Demo21 System with version 1511 from SAP. Now we tried to etablish a SSL scenario between a Apache Reverseproxy and the Demo21 Back-End System, because the internet access from user requests to our ReverseProxy is already working. Then I changed in the SICF transaction the global settings to accept only HTTPS and not switching to HTTP and also changed all necessairly RFC/HTTP connections to HTTPS and Port 44301. Now when Im trying accessing the Fiori Launchpad over the ReverseProxy, it occurs a connection error. The Apache Log from the ReverseProxy displays the following messages:

[Thu Mar 17 14:09:06.942620 2016] [ssl:warn] [pid 4444:tid 1680] AH02268: Proxy client certificate callback: (Abisrv07.ABILITA.LOCAL:443) downstream server wanted client certificate but none are configured
[Thu Mar 17 14:09:06.942620 2016] [proxy:error] [pid 4444:tid 1680] (502)Unknown error: [client 10.50.0.2:52166] AH01084: pass request body failed to 10.50.28.31:44301 (abisap25.abilita.local)
[Thu Mar 17 14:09:06.942620 2016] [proxy:error] [pid 4444:tid 1680] [client 10.50.0.2:52166] AH00898: Error during SSL Handshake with remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
[Thu Mar 17 14:09:06.942620 2016] [proxy_http:error] [pid 4444:tid 1680] [client 10.50.0.2:52166] AH01097: pass request body failed to 10.50.28.31:44301 (abisap25.abilita.local) from 10.50.0.2 ()

I already tried to manually export the SSL-Server Standard certificate out of the STRUST, and import it to the ReverseProxy, but that didnt help. It seems that the self signed certificate isnt trusted and the issuer isnt trusted, even if I added them to the HKLM Personal and Root Certificate Store.

Does someone have the same scenario and already get rid of this problem?