Category Archives: aws-api-gateway

Apache configuration AWS API Gateway certificates

I've created an AWS API Gateway and I'm pointing it at a VPS. I want to be able to enable Client-Side SSL Authentication to my VPS. I followed the AWS walkthrough here. I generated a PEM-encoded certificate in the API Gateway console and copied it to my Apache web server. It appears that the certificate and/or vhost configuration is causing a fatal error in the Apache SSL module.

The error log:

[Tue Nov 10 10:53:57.140815 2015] [ssl:info] [pid 7283] AH01914: Configuring server example.com:443 for SSL protocol
[Tue Nov 10 10:53:57.140998 2015] [ssl:trace1] [pid 7283] ssl_engine_init.c(724): Configuring permitted SSL ciphers [!aNULL:!eNULL:!EXP:HIGH:!aNULL]
[Tue Nov 10 10:53:57.141165 2015] [ssl:debug] [pid 7283] ssl_engine_init.c(843): AH01904: Configuring server certificate chain (1 CA certificate)
[Tue Nov 10 10:53:57.141175 2015] [ssl:debug] [pid 7283] ssl_engine_init.c(390): AH01893: Configuring TLS extension handling
[Tue Nov 10 10:53:57.141204 2015] [ssl:emerg] [pid 7283] AH02572: Failed to configure at least one certificate and key for example.com:443
[Tue Nov 10 10:53:57.141226 2015] [ssl:emerg] [pid 7283] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Nov 10 10:53:57.141251 2015] [ssl:emerg] [pid 7283] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed

Apache vhost configuration:

<VirtualHost *:443>
    ServerName example.com

    ServerAdmin [email protected]
    DocumentRoot /var/www/example

    DirectoryIndex index.html

    SSLEngine on
    SSLCertificateChainFile ssl/ca.crt
    SSLVerifyDepth 1

    LogLevel info ssl:warn debug trace1

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
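The log above stops at AH02572 because the vhost turns on SSLEngine without giving mod_ssl a server certificate and key. As an added example (not part of the original post), this vhost sets the server's own identity and separately trusts the API Gateway client certificate. The file paths and file names are assumptions, and the PEM generated in the console is assumed to be the only client certificate that should be accepted.

```apache
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/example

    SSLEngine on

    # Server identity (assumed paths): mod_ssl refuses to start unless the
    # vhost has its own certificate and the matching private key.
    SSLCertificateFile    /etc/apache2/ssl/example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/example.com.key

    # Client authentication: the PEM certificate copied from the API Gateway
    # console (assumed file name) is the only trust anchor for client certs.
    SSLCACertificateFile  /etc/apache2/ssl/apigateway-client.pem

    # Reject any TLS handshake that does not present a certificate that
    # verifies against the trust anchor above.
    SSLVerifyClient       require
    SSLVerifyDepth        1

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```

SSLCertificateChainFile only supplies intermediate certificates for the server's own chain; it neither replaces SSLCertificateFile nor enables client verification.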

Why won’t my proxy work with AWS API Gateway?

I have an API Gateway endpoint and I want to be able to access it from my webpage; the API Gateway will respond with a string.

I would like to make an AJAX request to the endpoint, then use the response to do my work on the UI.

So in my proxy.conf file, I added:

ProxyPass /proxyme API_ENDPOINT

When I execute:

$.get("API_ENDPOINT")

I get a 404. Am I missing something to make this proxy work? I'm sure that I restarted Apache after I added the proxy.

Please let me know if additional detail is needed.

Edit:

Does it matter if my site is http and gateway is https?

AWS API Gateway 301 redirect prevents Apache ProxyPass of client certs

We have a server that accepts client certs as a means of authentication. This service subsequently runs Apache and then terminates SSL and ProxyPass'es the request onto our API Gateway endpoint.

What we've noticed is that the API Gateway does a 301 redirect and so our client certificate information doesn't get passed along to the endpoint for AWS Lambda to be able to access.

Does anyone know if there is a workaround for this?