httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "toadie D" <>
Subject Re: [users@httpd] Apache and client certs
Date Sat, 30 Dec 2006 07:45:54 GMT
It is possible to use reverse proxy to pass a PEM Encoded Certificate as a
HTTP header to a backend server.

Make sure you have this directive in your config file

SSLOptions +ExportCertData

Then use mod_headers to  set the header


You can find more info here and

One caveat, depending on which version of apache you use (2.0.x or 2.2.x),
the PEM encoded Certificate may across a bit strange (ie.  not conforming to
multiline HTTP header).  So you may see your header looking like this

MY_CLIENT_CERT: ----- BEGIN CERTIFICATE -----[blanks no CRLF] [First line of
base64 encoded data] [ blanks no CRLF ] [Second line of base64 encoded data]
.....  ---- END CERTIFICATE -----

View raw message