httpd-users mailing list archives

From "Serge Dubrouski" <serge...@gmail.com>
Subject Re: [users@httpd] Apache and client certs
Date Tue, 02 Jan 2007 14:32:46 GMT
On 1/2/07, Manuela.Vorazzo@ssb.it <Manuela.Vorazzo@ssb.it> wrote:
>
>
> Thanks a lot!
> I've just tested WebSphere PlugIn, but the result is the same as using
> reverse proxy to contact the backend server. It doesn't work!!!!
>
> I think that the only solution in a short time for me is to modify my
> webapplication.
> I can make my application ask for client certificate in the web.xml but
> I don't like it very much!!!!
>
> Is there something else you could suggest to me?
>
> If, for example, I could use Tomcat instead of WebSphere, are you sure I
> will be able to pass client certificate information to the application
> server only using mod_ssl and mod_proxy or....... have I to add mod_jk too?



You'll have to use mod_jk.

> Please let me know.
>
> Thanks
>
>
> manuciao
>
>
> "Serge Dubrouski" <sergeyfd@gmail.com>
> 30/12/2006 16.32
> Please respond to: users@httpd.apache.org
> To: users@httpd.apache.org
> cc:
> Subject: Re: [users@httpd] Apache and client certs
>
>
>
>
> On 12/30/06, toadie D <toadie643@gmail.com> wrote:
> > It is possible to use reverse proxy to pass a PEM Encoded Certificate as a
> > HTTP header to a backend server.
> >
> > Make sure you have this directive in your config file
> >
> > SSLOptions +ExportCertData
> >
> > Then use mod_headers to set the header
> >
> > RequestHeader set MY_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
> >
> >
> > You can find more info here
> > http://httpd.apache.org/docs/2.2/mod/mod_ssl.html and
> > here  http://httpd.apache.org/docs/2.2/mod/mod_headers.html
> >
> > One caveat, depending on which version of apache you use (2.0.x or 2.2.x),
> > the PEM encoded Certificate may come across a bit strange (ie. not
> > conforming to multiline HTTP header).
>
> And not recognizable by backend application.
>
> > So you may see your header looking like this
> >
> > MY_CLIENT_CERT: ----- BEGIN CERTIFICATE -----[blanks no CRLF] [First line of
> > base64 encoded data] [ blanks no CRLF ] [Second line of base64 encoded data]
> > .....  ---- END CERTIFICATE -----
>
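
The caveat in the thread (the PEM block reaching the backend with blanks where its line breaks were, so the application does not recognize it) can be undone on the backend before the value goes to a certificate parser. This is an added example, not part of the original messages; the function names and sample bytes are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
# Accept blanks inside the marker lines, as in the header quoted in the thread.
_BLOCK = re.compile(
    r"-+\s*BEGIN CERTIFICATE\s*-+(?P<body>.*?)-+\s*END CERTIFICATE\s*-+", re.S)


def to_pem(der: bytes) -> str:
    """Standard PEM: markers on their own lines, base64 in 64-column lines."""
    b64 = base64.b64encode(der).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *rows, END]) + "\n"


def der_from_header(value: str) -> bytes:
    """Recover the DER bytes from a header value whose line breaks were lost."""
    match = _BLOCK.search(value)
    if match is None:
        raise ValueError("no certificate markers in header value")
    # Blanks, tabs and stray CR/LF only separate the original base64 lines.
    b64 = "".join(match.group("body").split())
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc
    if not der:
        raise ValueError("empty certificate body")
    return der


def restore_pem(value: str) -> str:
    """PEM text a certificate parser accepts, rebuilt from the header value."""
    return to_pem(der_from_header(value))


# Constructed stand-in bytes, NOT a real certificate; a real DER blob from
# SSL_CLIENT_CERT takes the same path through these functions.
SAMPLE_DER = bytes(range(200))
SAMPLE_PEM = to_pem(SAMPLE_DER)
FLATTENED = SAMPLE_PEM.strip().replace("\n", " ")  # what the backend receives

if __name__ == "__main__":
    pem = restore_pem(FLATTENED)
    print(pem, hashlib.sha256(der_from_header(FLATTENED)).hexdigest(), sep="")
```

The backend should accept this header only on connections coming from the proxy, since a client able to reach the backend directly could supply the header itself.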
