tomcat-users mailing list archives

From André Warnier (tomcat) ...@ice-sa.com>
Subject Re: Two Way SSL - SSL Offloading at load balancer
Date Thu, 08 Dec 2016 21:56:09 GMT
On 02.12.2016 13:27, Bipin Jethwani wrote:
> We use Spring security and want to use Two Way SSL for a few Jersey based
> REST APIs exposed for mobile devices. SSL is offloaded at load-balancer or
> apache level.
>
> Can we still get access to client certificate at web app level?
>
> On second thought we can live without having access to client cert but can
> we have load-balancer or apache configured to request for client cert only
> for a specific urls?

On second thought, and after checking the Apache httpd configuration directives, you may 
want to look at this :
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslverifyclient

It seems that, contrary to most SSL-oriented directives, this one /can/ be used at the 
"directory" level (which means also in a <Location> section).

So you could specify it only for some URLs, at the Apache httpd front-end level.


> Is there a standard for this?
>
> -Bipin
>

Hi.

If indeed "SSL is offloaded at load-balancer or apache level", isn't this more a question
for the respective user's list of these products, rather than for the Tomcat user's list?

If you do need some SSL information at the Tomcat back-end level, and if between your
Apache httpd front-end, and the Tomcat back-ends, the proxy/balancer module which you are
using is mod_jk, then you will find most pertinent information about passing SSL data from
the front-end to the back-end Tomcat (even if you "terminate" the SSL at the httpd level),
here :
http://tomcat.apache.org/connectors-doc/reference/apache.html



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
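
The two suggestions in the message above, combined into one httpd 2.4 virtual host: a client certificate is required only under one URL prefix, and mod_jk forwards the TLS data to Tomcat. This is an added example, not configuration from the original post; the host name, file paths, the `/api/mobile` prefix and the worker name `tomcat1` are assumptions.

```apache
# Added example. Host name, paths, URL prefix and worker name are assumed.
<VirtualHost *:443>
    ServerName api.example.com

    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/server.crt
    SSLCertificateKeyFile /etc/httpd/tls/server.key

    # CA certificate(s) that client certificates must chain to
    SSLCACertificateFile  /etc/httpd/tls/client-ca.crt

    # Default for the whole virtual host: no client certificate requested
    SSLVerifyClient none

    # Two-way SSL only for the mobile REST endpoints
    <Location "/api/mobile">
        SSLVerifyClient require
        SSLVerifyDepth  2
        # Export the SSL_* variables and the PEM client certificate
        # (SSL_CLIENT_CERT) so that mod_jk has something to forward
        SSLOptions +StdEnvVars +ExportCertData
    </Location>

    # mod_jk: hand /api/* to the Tomcat worker (defined in workers.properties)
    JkMount /api/* tomcat1

    # Forward the TLS data to Tomcat even though TLS ends at httpd
    JkExtractSSL       On
    JkHTTPSIndicator   HTTPS
    JkCERTSIndicator   SSL_CLIENT_CERT
    JkCIPHERIndicator  SSL_CIPHER
    JkSESSIONIndicator SSL_SESSION_ID
</VirtualHost>
```

On the Tomcat side the forwarded certificate chain is available to the web application as the request attribute `javax.servlet.request.X509Certificate`. Because `SSLVerifyClient` is raised per location, httpd has to ask for the certificate after the first handshake (renegotiation in TLS 1.2, post-handshake authentication in TLS 1.3), so check that the mobile clients support this.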

