I need to create an IHS reverse proxy that takes https://server1:6883 and proxies it to https://server2:6883, but unlike other ServerFault questions, the initial connection needs to be https not http. I have the following...
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Listen 6883
<VirtualHost *:6883>
SSLEnable
SSLProxyEngine On
KeyFile /opt/IBM/HTTPServer/cert/wlpkey.kdb
ProxyPass / https://server2:6883/
</VirtualHost>
but error_log says: SSL0227E: SSL Handshake Failed, Specified label could not be found in the key file. Label='(null)'
I suspect the problem is that I need two KeyFiles: one for proxy recipient and one to enable SSL/TLS.
Assuming your certificate database has the needed certificate you need another directive called SSLServerCErt to tell the SSL virtualhost which certificate it must use for the SSL handshake, for example:
where server1.example.com is the label and the CN of the certificate you have in the keystorage database. Note you need the complete set of certificate, that is, the equivalent of a p12, a private key, a signed certificate and the CA chain.
Also, always add ServerName, specially if you have more than one single virtualhost, it is a good practice nevertheless.