httpd-users mailing list archives

From Marc Schöchlin
Subject Re: [users@httpd] Client certificate auth behind f5 loadbalancer
Date Wed, 25 Jun 2014 21:53:33 GMT

In my understanding, authentication using client certificates is just a
cryptographic validation of a public/private keypair over an already
established SSL-secured channel.
For example, it is possible to use an official certificate for the SSL
channel and my own CA for client certificate validation.

Meanwhile I tried to find the suitable RFC to get details about this
problem - probably might be
the right one.
Does anybody have the suitable background know-how of the RFC and mod_ssl
to help me find out the source of the problem?


On 25.06.2014 21:15, Jens-U. Mozdzen wrote:
> Hi Marc,
> Quoting Marc Schöchlin <>:
>> Hello apache-users,
>> I'm trying to implement client certificate authentication behind an F5
>> load balancer.
>> My load balancer terminates SSL, and dispatches the decrypted
>> communication via network address translation to the backend apache
>> server.
>> The client certificate auth should be performed at the webserver.
>> Unfortunately the "SSLVerifyClient" directive is ignored and access is
>> always granted.
>> It seems that without enabled SSL transport encryption, the logic for
>> "SSLVerifyClient" is deactivated.
>> Any hints?
> Yes, your web server is only seeing the plain HTTP traffic - all the
> SSL "stuff" got stripped at the load balancer.
> You're so to speak asking to look at the post stamp of a letter, while
> you only received the content because your mail service already
> unpacked everything and dumped the envelope...
> Regards,
> Jens
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

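The situation discussed in this thread, as an added httpd configuration sketch that is not part of the original messages: the first virtual host mirrors the setup in the question (plain HTTP arriving from the load balancer), the second shows where `SSLVerifyClient` is actually enforced. Host names and file paths are placeholders, and the second variant assumes the load balancer forwards the TLS connection to httpd unterminated.

```apache
# Added illustration; host names and file paths are placeholders.

# (1) Setup from the question: the load balancer terminates TLS and sends
#     plain HTTP to the backend. No TLS handshake ever reaches httpd, so
#     mod_ssl has no client certificate to check and the directive below
#     does not restrict access.
<VirtualHost *:80>
    ServerName app.example.org
    DocumentRoot "/var/www/app"

    SSLVerifyClient require
    SSLVerifyDepth  1
</VirtualHost>

# (2) httpd terminates TLS itself (assumption: the load balancer passes
#     the encrypted connection through instead of decrypting it).
<VirtualHost *:443>
    ServerName app.example.org
    DocumentRoot "/var/www/app"

    SSLEngine on

    # Server identity: may be a certificate from a public CA.
    SSLCertificateFile    "/etc/httpd/tls/server.crt"
    SSLCertificateKeyFile "/etc/httpd/tls/server.key"

    # Client authentication: a separate, private CA can be trusted here,
    # independent of the CA that issued the server certificate.
    SSLCACertificateFile  "/etc/httpd/tls/client-ca.crt"

    # Requests a certificate during the TLS handshake and rejects clients
    # that present none or one that does not chain to client-ca.crt.
    SSLVerifyClient require
    SSLVerifyDepth  1
</VirtualHost>
```

With the second variant, a request made without a client certificate should fail during the handshake, which is a quick way to confirm that verification is really happening at the web server.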