httpd-users mailing list archives

From "Lucuk, Pete" <pete.lu...@ngc.com>
Subject [users@httpd] Apache, mod_jk, client certificates, and Jetty
Date Tue, 28 Nov 2006 15:43:11 GMT

I am trying to perform the following...

Browser_client_with_client_certificate<--https-->apache_with_mod_jk<--https-->Jetty

Also, the browser client is passing a client certificate that I want
Jetty to have access to perform A&A.

Browser version = IE 6
Apache version = 2.2.3
Mod_jk version = 1.2.19
Jetty version = 4.2.9

I CAN get the full round trip working under HTTPS, that is not a
problem.
I CAN *** NOT *** get Jetty to have access to the client certificate,
Jetty states that it can not find the client certificate.

I am confident that Jetty is configured for AJP (round trip in HTTPS
works) and client certificates (when the
Browser_client_with_client_certificate hits it directly, it works).


Not sure if it is a config thing on apache/mod_jk or what.


Below is my Apache and mod_jk config, any ideas???...

###########################################################
In my httpd.conf file I have the following...

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

<IfModule !mod_jk.c>

  #LoadModule jk_module  modules/mod_jk.so
  LoadModule jk_module modules/mod_jk-1.2.19-apache-2.2.3-solaris-sparc.so

</IfModule>


<IfModule mod_jk.c>

  JkWorkersFile "conf/worker.properties"

  JkLogFile "logs/mod_jk.log"

  JkLogLevel info

  JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

  JkOptions +ForwardKeySize +ForwardURICompat

JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suite (default is SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificate (default is SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT

</IfModule>

###########################################################
In my worker.properties I have...

worker.list=jetty

#worker.jetty.port=8009
worker.jetty.port=5309

worker.jetty.host=servera

worker.jetty.type=ajp13

worker.jetty.lbfactor=1


###########################################################
In my httpd-ssl.conf I have...

<VirtualHost _default_:5443>

#SSLOptions +StdEnvVars +ExportCertData

JkMount /* jetty

#   General setup for the virtual host
DocumentRoot "/data/dir/dir/tools/web/apache/server/htdocs"
ServerName kftcsu14.ftc.lab:5443
ServerAdmin you@example.com
ErrorLog /data/dir/dir/tools/web/apache/server/logs/error_log
TransferLog /data/dir/dir/tools/web/apache/server/logs/access_log

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

SSLProxyEngine on 

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /data/dir/dir/tools/web/apache/ssl/bin/cacert.pem
SSLCertificateKeyFile /data/dir/dir/tools/web/apache/ssl/bin/privkey.pem

SSLCACertificateFile /data/dir/dir/tools/web/apache/ssl/bin/public_ca.pem
SSLVerifyClient optional


</VirtualHost>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
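
Added example, not part of the original message or of either project's code: mod_jk takes the client certificate from the request environment variable named by JkCERTSIndicator (SSL_CLIENT_CERT here), and mod_ssl only sets that variable when SSLOptions +ExportCertData is in effect, with the other SSL_* variables coming from +StdEnvVars. The check below flags a virtual host that verifies client certificates and mounts a mod_jk worker without those options. The names `check_vhosts`, `POSTED` and `ENABLED` and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed input: the client-certificate lines of the posted vhost, as posted
# (SSLOptions commented out) and with that one line enabled.
POSTED = """\
<VirtualHost _default_:5443>
#SSLOptions +StdEnvVars +ExportCertData
JkMount /* jetty
SSLEngine on
SSLVerifyClient optional
</VirtualHost>
"""
ENABLED = POSTED.replace("#SSLOptions", "SSLOptions")

NEEDED = {"stdenvvars", "exportcertdata"}

def check_vhosts(conf):
    """Return [(vhost, missing SSLOptions)] for vhosts that verify client
    certificates and JkMount a worker without exporting the SSL data.
    Simplification: vhost-level directives only, Include is not followed."""
    findings, vh = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive has no effect
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            vh = {"name": opened.group(1), "opts": set(), "jk": False, "verify": False}
        elif vh is not None and line.lower().startswith("</virtualhost"):
            missing = NEEDED - vh["opts"]
            if vh["jk"] and vh["verify"] and missing:
                findings.append((vh["name"], sorted(missing)))
            vh = None
        elif vh is not None:
            name, args = (line.split(None, 1) + [""])[:2]
            name, toks = name.lower(), args.lower().split()
            if name == "jkmount":
                vh["jk"] = True
            elif name == "sslverifyclient":
                vh["verify"] = args.strip().lower() != "none"
            elif name == "ssloptions" and toks:
                if not all(t[0] in "+-" for t in toks):
                    vh["opts"] = set()  # unprefixed options replace, not merge
                for t in toks:
                    if t.startswith("-"):
                        vh["opts"].discard(t[1:])
                    else:
                        vh["opts"].add(t.lstrip("+"))
    return findings
```

`check_vhosts(POSTED)` reports the `_default_:5443` host with both options missing; `check_vhosts(ENABLED)` reports nothing.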

