Category Archives: aws-api-gateway

Apache configuration AWS API Gateway certificates

I've created an AWS API Gateway and I'm pointing it at a VPS. I want to be able to enable Client-Side SSL Authentication to my VPS. I followed the AWS walkthrough here. I generated a PEM-encoded certificate in the API Gateway console and copied it to my Apache web server. It appears that the certificate and/or vhost configuration is causing a fatal error in the Apache SSL module.

The error log:

[Tue Nov 10 10:53:57.140815 2015] [ssl:info] [pid 7283] AH01914: Configuring server for SSL protocol
[Tue Nov 10 10:53:57.140998 2015] [ssl:trace1] [pid 7283] ssl_engine_init.c(724): Configuring permitted SSL ciphers [!aNULL:!eNULL:!EXP:HIGH:!aNULL]
[Tue Nov 10 10:53:57.141165 2015] [ssl:debug] [pid 7283] ssl_engine_init.c(843): AH01904: Configuring server certificate chain (1 CA certificate)
[Tue Nov 10 10:53:57.141175 2015] [ssl:debug] [pid 7283] ssl_engine_init.c(390): AH01893: Configuring TLS extension handling
[Tue Nov 10 10:53:57.141204 2015] [ssl:emerg] [pid 7283] AH02572: Failed to configure at least one certificate and key for
[Tue Nov 10 10:53:57.141226 2015] [ssl:emerg] [pid 7283] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Nov 10 10:53:57.141251 2015] [ssl:emerg] [pid 7283] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed

Apache vhost configuration:

<VirtualHost *:443>

    ServerAdmin [email protected]
    DocumentRoot /var/www/example

    DirectoryIndex index.html

    SSLEngine on
    SSLCertificateChainFile ssl/ca.crt
    SSLVerifyDepth 1

    LogLevel info ssl:warn debug trace1

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

Why won’t my proxy work with AWS API Gateway?

I have an api gateway endpoint and I want to be able to access it from my webpage; the api gateway will response with a string.

I would like to make an ajax request to the endpoint then use the response of that to do my work on the ui.

So in my proxy.conf file, I added:

ProxyPass /proxyme API_ENDPOINT

When I execute:


I get a 404. Am I missing something to make this proxy work? I'm sure that I restarted my apache when I added the proxy.

Please let me know if additional detail is needed.


Does it matter if my site is http and gateway is https?

AWS API Gateway 301 redirect prevents Apache ProxyPass of client certs

We have a server that accepts client certs as a means of authentication. This service subsequently runs Apache and then terminates SSL and ProxyPass'es the request onto our API Gateway endpoint.

What we've noticed is that the API Gateway does a 301 redirect and so our client certificate information doesn't get passed along to the endpoint for AWS Lambda to be able to access.

Does anyone know if there is a work around to this?