httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sander Temme <scte...@apache.org>
Subject Re: [users@httpd] Apache Proxy, Client Certificate, HTTPS, etc. questions?
Date Fri, 10 Nov 2006 22:03:23 GMT
Pete,

On Nov 10, 2006, at 1:38 PM, Lucuk, Pete wrote:

> So we are currently looking for ways to bridge the gap between the our
> Jboss web based application on physical server A and the web browser
> client PCs so that we can perform both...
>
> - HTTPS
> - client certicate A&A
>
> I am currently looking at Apache 2.2.3 and its proxy support to bridge
> the gap.  Almost everything I have read tells me that...
>
> - I CAN do the HTTPS portion
> - but that I can NOT do the client certificate A&A portion
>
> Can you please confirm the above two assumptions and give some  
> input as
> why and why not.  I need to bring the info to my management and  
> formally
> document it.

There are several ways to do this:

1) Use the Apache httpd with mod_proxy to forward HTTP requests in a  
reverse proxy setup. mod_ssl will perform the SSL handshake, and  
insert the client-side certificate information into the forwarded  
requests as custom HTTP request headers. It is then up to your  
application to parse these headers and extract the identity information.

2) Use Apache with mod_jk. The mod_jk module can forward SSL  
connection information to the application server, and I believe this  
includes the client side certificate. This info should then be  
available in the request objects in the same fashion as when the  
HTTPS request arrives directly at the application server.

The above is of course a very brief and general description, and  
adapting this to your specific deployment needs would take work  
significantly beyond the scope of this list.

Regards,

Sander

-- 
sctemme@apache.org            http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF



Mime
View raw message