tomcat-users mailing list archives

From André Warnier (tomcat)
Subject Re: Two Way SSL - SSL Offloading at load balancer
Date Thu, 08 Dec 2016 21:56:09 GMT
On 02.12.2016 13:27, Bipin Jethwani wrote:
> We use Spring security and want to use Two Way SSL for a few Jersey based
> REST APIs exposed for mobile devices. SSL is offloaded at load-balancer or
> apache level.
> Can we still get access to client certificate at web app level?
> On second thought, we can live without having access to the client cert, but can
> we have the load-balancer or apache configured to request a client cert only
> for specific URLs?

On second thought, and after checking the Apache httpd configuration directives, you may
want to look at this:

It seems that, contrary to most SSL-oriented directives, this one /can/ be used at the 
"directory" level (which means also in a <Location> section).

So you could specify it only for some URLs, at the Apache httpd front-end level.

> Is there a standard for this?
> -Bipin


If indeed "SSL is offloaded at load-balancer or apache level", isn't this more a question
for the respective users' lists of these products, rather than for the Tomcat users' list?

If you do need some SSL information at the Tomcat back-end level, and if between your
Apache httpd front-end and the Tomcat back-ends, the proxy/balancer module which you are
using is mod_jk, then you will find most pertinent information about passing SSL data from
the front-end to the back-end Tomcat (even if you "terminate" the SSL at the httpd level),
here:

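Added example, not part of the original message: a front-end httpd configuration that requests a client certificate only for one URL prefix and lets mod_jk pass it to Tomcat. The links in the message did not survive in the archive, so this assumes the directive meant is mod_ssl's `SSLVerifyClient` (documented as valid in directory context); the host name, file paths, URL prefixes and worker name are placeholders.

```apache
# Constructed example: host name, file paths, URL prefixes and the
# worker name "worker1" are placeholders, not values from the thread.
<VirtualHost *:443>
    ServerName api.example.com

    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/server.crt
    SSLCertificateKeyFile /etc/httpd/tls/server.key

    # CA(s) whose client certificates are accepted
    SSLCACertificateFile  /etc/httpd/tls/client-ca.crt

    # Default for the whole virtual host: no client certificate requested
    SSLVerifyClient none

    # Only the mobile REST API requires a client certificate
    <Location "/api/mobile">
        SSLVerifyClient require
        SSLVerifyDepth  2
        # Export the SSL_* variables and the PEM-encoded client certificate
        # so the proxy module can forward them to the back-end
        SSLOptions +StdEnvVars +ExportCertData
    </Location>

    # mod_jk forwards the SSL data over AJP (JkExtractSSL is On by default;
    # stated here to make the dependency explicit)
    JkExtractSSL On
    JkMount /api/* worker1
</VirtualHost>
```

A per-location `SSLVerifyClient` makes httpd ask for the certificate after the initial handshake (renegotiation up to TLS 1.2, post-handshake authentication in TLS 1.3), which not every client supports, so test with the actual mobile clients. Tomcat trusts whatever SSL data arrives over AJP, so the AJP connector should be reachable only from the front-end.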