httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "toadie D" <toadie...@gmail.com>
Subject Re: [users@httpd] Apache and client certs
Date Sat, 30 Dec 2006 07:45:54 GMT
It is possible to use reverse proxy to pass a PEM Encoded Certificate as a
HTTP header to a backend server.

Make sure you have this directive in your config file

SSLOptions +ExportCertData

Then use mod_headers to  set the header

RequestHeader MY_CLIENT_CERT %{SSL_CLIENT_CERT}s


You can find more info here
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html and
here  http://httpd.apache.org/docs/2.2/mod/mod_headers.html

One caveat, depending on which version of apache you use (2.0.x or 2.2.x),
the PEM encoded Certificate may across a bit strange (ie.  not conforming to
multiline HTTP header).  So you may see your header looking like this

MY_CLIENT_CERT: ----- BEGIN CERTIFICATE -----[blanks no CRLF] [First line of
base64 encoded data] [ blanks no CRLF ] [Second line of base64 encoded data]
.....  ---- END CERTIFICATE -----

Mime
View raw message