Custom certificate does not work for reverse proxy


#1

Hi,

On my client I can do the following curl manually and it works:

curl --insecure --cert my_custom_cert.pem https://myserver.com:8099/my/get/request

But doing it through mitm, where mitm is started like:

*mitmdump --verbose --ssl-insecure --certs =my_custom_cert.pem --mode reverse:https://myserver.com:8099 -p 60189

and on my computer I type in http://127.0.0.1:60189/my/get/request

It always fails with 502 Bad Gateway:
<< Certificate verification error for myserver.com: unable to get local issuer certificate (errno: 20, depth: 1)

I used Wireshark and I could see that mitm failing the handshake with my server, it showed certificate length 0, which suggests it’s not even sending my client certificate for the handshake.

What am I doing wrong?

BTW I did a simple reverse proxy setup in NGINX like this and it worked exactly as expected:

server {
** listen 80;**
** location / {**
** proxy_pass https://myserver:8099;**
** proxy_ssl_certificate /etc/nginx/ssl/my_custom_cert.pem;**
** proxy_ssl_certificate_key /etc/nginx/ssl/my_customer_cert.pem;**
** }**
}

But I really wanted to use mitmdump for all the request/response logging and manipulation that is not native to Nginx.


#2

Just a guess but 127.0.01 might be not hitting the proxy (otherwise mitmweb would not work, except if there is some port filtering)