axis-java-user mailing list archives

From "Keith Hatton" <khat...@axiomsystems.com>
Subject RE: Proxying SSL certificates
Date Wed, 17 Dec 2003 12:25:24 GMT
<snip>
I think I will have to give up and duplicate client certificates on both 
servers. If I am right, the information obtained from the browser 
certificate chain will not be enough for establishing a secure connection 
with the backend server, as it lacks the key necessary to encrypt / 
decrypt the messages :-(
</snip>

I think you are right: your "middle-tier" (front-end) web service cannot sign the client's
certificate when asked for it by the back-end service.

If you can configure the back-end to trust the front-end, and the front-end trusts the client
certificate, maybe you can send some end-user information (e.g. the DN of the end-user certificate)
to the back-end along with your request, and as the back-end trusts you, this information
can be regarded as trustworthy. But I think that depends on you being able to tweak the back-end
service.

Hope this helps
Keith
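
The arrangement suggested above, sketched from the back-end's side as an added example that is not part of the original message or of Axis: the forwarded end-user DN is honoured only when the TLS peer authenticated with the front-end's own certificate. The header name X-End-User-DN, the front-end DN, and the class and method names are assumptions made for illustration.

```java
import javax.security.auth.x500.X500Principal;
import java.util.Optional;
import java.util.Set;

/** Back-end check: a forwarded end-user DN counts only when the TLS peer is the front-end. */
public class ForwardedIdentity {
    // Assumption: subject DN of the front-end's own client certificate (constructed value).
    static final Set<X500Principal> TRUSTED_FRONT_ENDS =
            Set.of(new X500Principal("CN=front-end, O=Example, C=GB"));

    /**
     * tlsPeer: subject of the certificate the caller authenticated with in the TLS
     * handshake (X509Certificate.getSubjectX500Principal()), or null if none was presented.
     * forwardedDn: value of the hypothetical X-End-User-DN header, or null if absent.
     */
    static Optional<X500Principal> endUser(X500Principal tlsPeer, String forwardedDn) {
        if (tlsPeer == null) {
            return Optional.empty();               // no client certificate: no identity
        }
        if (!TRUSTED_FRONT_ENDS.contains(tlsPeer)) {
            // Not the front-end: the header is attacker-controllable input, so ignore it
            // and treat the caller as whoever its own certificate says it is.
            return Optional.of(tlsPeer);
        }
        if (forwardedDn == null || forwardedDn.isBlank()) {
            return Optional.empty();               // front-end sent no end-user identity
        }
        try {
            return Optional.of(new X500Principal(forwardedDn));
        } catch (IllegalArgumentException malformed) {
            return Optional.empty();               // unparsable DN: fail closed
        }
    }

    public static void main(String[] args) {
        // Constructed sample values.
        X500Principal frontEnd = new X500Principal("cn=Front-End,o=example,c=gb");
        X500Principal stranger = new X500Principal("CN=mallory, O=Elsewhere, C=GB");
        String alice = "CN=alice, O=Example, C=GB";
        System.out.println(endUser(frontEnd, alice));   // forwarded DN accepted
        System.out.println(endUser(stranger, alice));   // header ignored, own DN used
        System.out.println(endUser(frontEnd, "alice")); // malformed DN rejected
        System.out.println(endUser(null, alice));       // no TLS client certificate
    }
}
```

X500Principal compares names in canonical form, so differences in case and spacing between the configured front-end DN and the certificate's subject do not defeat the trust check.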
