Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 5156 invoked from network); 28 Nov 2006 15:43:53 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 28 Nov 2006 15:43:53 -0000 Received: (qmail 44982 invoked by uid 500); 28 Nov 2006 15:43:50 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 44955 invoked by uid 500); 28 Nov 2006 15:43:50 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 44940 invoked by uid 99); 28 Nov 2006 15:43:50 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Nov 2006 07:43:50 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of pete.lucuk@ngc.com designates 208.12.122.34 as permitted sender) Received: from [208.12.122.34] (HELO xmrc0101.northgrum.com) (208.12.122.34) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Nov 2006 07:43:34 -0800 Received: from xbhc0001.northgrum.com ([157.127.103.72]) by xmrc0101.northgrum.com with InterScan Message Security Suite; Tue, 28 Nov 2006 07:48:56 -0800 Received: from xbhv4801.northgrum.com ([158.114.112.119]) by xbhc0001.northgrum.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 28 Nov 2006 07:43:12 -0800 Received: from XMBV4801.northgrum.com ([158.114.112.41]) by xbhv4801.northgrum.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Tue, 28 Nov 2006 10:43:11 -0500 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Date: Tue, 28 Nov 2006 10:43:11 -0500 Message-ID: <52F6AB54F39902489F13FEB65D9EB56D018BB06C@XMBV4801.northgrum.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Apache, mod_jk, client certificates, and Jetty Thread-Index: AccTA+jeZ4emzhfURcGSSahtQcIu4g== From: "Lucuk, Pete" To: X-OriginalArrivalTime: 28 Nov 2006 15:43:11.0480 (UTC) FILETIME=[E8CB0F80:01C71303] X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] Apache, mod_jk, client certificates, and Jetty I am trying to perform the following... Browser_client_with_client_certificate<--https-->apache_with_mod_jk<--ht tps-->Jetty Also, the browser client is passing a client certificate that I want Jetty to have access to perform A&A. Browser version =3D IE 6 Apache version =3D 2.2.3 Mod_jk version =3D 1.2.19 Jetty version =3D 4.2.9 I CAN get the full round trip working under HTTPS, that is not a problem. I CAN *** NOT *** get Jetty to have access to the client certificate, Jetty states that it can not find the client certificate. I am confident that Jetty is configured for AJP (round trip in HTTPS work)and client certificates (when the Browser_client_with_client_certificate hits it directly, it works). Not sure if it is a config thing on apache/mod_jk or what. Below is my Apache and mod_jk config, any ideas???... ########################################################### In my httpd.conf file I have the following... # Secure (SSL/TLS) connections Include conf/extra/httpd-ssl.conf #LoadModule jk_module modules/mod_jk.so LoadModule jk_module modules/mod_jk-1.2.19-apache-2.2.3-solaris-sparc.so JkWorkersFile "conf/worker.properties" JkLogFile "logs/mod_jk.log" JkLogLevel info JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " JkOptions +ForwardKeySize +ForwardURICompat JkExtractSSL On # What is the indicator for SSL (default is HTTPS) JkHTTPSIndicator HTTPS # What is the indicator for SSL session (default is SSL_SESSION_ID) JkSESSIONIndicator SSL_SESSION_ID # What is the indicator for client SSL cipher suit (default is SSL_CIPHER) JkCIPHERIndicator SSL_CIPHER # What is the indicator for the client SSL certificated (default is SSL_CLIENT_CERT) JkCERTSIndicator SSL_CLIENT_CERT ########################################################### In my worker.properties I have... worker.list=3Djetty #worker.jetty.port=3D8009 worker.jetty.port=3D5309 worker.jetty.host=3Dservera worker.jetty.type=3Dajp13 worker.jetty.lbfactor=3D1 ########################################################### In my httpd-ssl.conf I have... #SSLOptions +StdEnvVars +ExportCertData JkMount /* jetty # General setup for the virtual host DocumentRoot "/data/dir/dir/tools/web/apache/server/htdocs" ServerName kftcsu14.ftc.lab:5443 ServerAdmin you@example.com ErrorLog /data/dir/dir/tools/web/apache/server/logs/error_log TransferLog /data/dir/dir/tools/web/apache/server/logs/access_log # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on SSLProxyEngine on=20 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /data/dir/dir/tools/web/apache/ssl/bin/cacert.pem SSLCertificateKeyFile /data/dir/dir/tools/web/apache/ssl/bin/privkey.pem SSLCACertificateFile /data/dir/dir/tools/web/apache/ssl/bin/public_ca.pem SSLVerifyClient optional --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org