httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Blackman <mark.black...@db.com>
Subject RE: [users@httpd] TLS Proxy client certificates per virtualhost
Date Mon, 03 Oct 2016 09:38:32 GMT
We do extensive multi-tenant hosting inside a single Apache instance (config) and so different
virtualhosts want differential, virtualhost-specific secured proxy connections, client certificates,
yes.

We are probably pushing the sensible limits of what you should be doing inside a single configuration/instance
though.

> -----Original Message-----
> From: Marat Khalili [mailto:mkh@rqc.ru]
> Sent: 30 September 2016 17:33
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] TLS Proxy client certificates per virtualhost
>
> Do you mean proxy _client_ certificates? That is, certificates for
> identifying your proxy to upstream server(s)? Looks like there's indeed
> no option to make them virtual-host dependent. I wonder why do you need
> it.
>
> Local server (proxy or not) certificates can be made virtual-host
> dependent using SSLCertificateFile etc. Likewise, remote server CA
> certificates can be made virtual-host dependent using
> SSLProxyCACertificateFile etc.
>
> --
>
> With Best Regards,
> Marat Khalili
>
> On 30/09/16 17:42, Mark Blackman wrote:
> > Hi,
> >
> > What kind of options do I have if I want to use different SSL proxy
> certificates for different virtual hosts?
> >
> > SSLProxyMachineCertificateFile is close, but only has server scope. What's
> the equivalent for virtualhost context?
> >
> > I have a feeling I have zero options, but would like to confirm that here,
> please.  If so, how much work would it take to provide that?
> >
> > Regards,
> > Mark
> >
> >
> >
> > ---
> > This e-mail may contain confidential and/or privileged information. If you
> are not the intended recipient (or have received this e-mail in error) please
> notify the sender immediately and delete this e-mail. Any unauthorized
> copying, disclosure or distribution of the material in this e-mail is strictly
> forbidden.
> >
> > Please refer to https://www.db.com/disclosures for additional EU
> corporate and regulatory disclosures and to
> http://www.db.com/unitedkingdom/content/privacy.htm for information
> about privacy.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org



---
This e-mail may contain confidential and/or privileged information. If you are not the intended
recipient (or have received this e-mail in error) please notify the sender immediately and
delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in
this e-mail is strictly forbidden.

Please refer to https://www.db.com/disclosures for additional EU corporate and regulatory
disclosures and to http://www.db.com/unitedkingdom/content/privacy.htm for information about
privacy.
Mime
View raw message