Thanks for the responses, guys.

Willem - your 2nd point is actually how we do it.

Our reverse proxy is connecting to our own back end in a more secure zone.

Effectively what I need:

*Client sends the message*
Client sends a SOAP message to our Camel-Reverse Proxy. The connection will
terminate. This message is encrypted with an SSL Server Certificate from our
certificate authority, and it also comes with a client certificate which
gives them access to our server.

*Reverse Proxy (Camel Implementation)*
Camel will receive the message from the client, look at the client
certificate that was attached and then re-attach the same one from its own
store, or another one based on a mapping. This is a generic reverse proxy.


This is an allowed and valid secure architecture - and we own our own
certificate authority which governs multiple certificates - our clients use
our certificates when they connect to us. The clients never create their own
certificates - we issue them to them.

For an example:

The client will send a SOAP message to
http://myserver.gov.ca/RP01/MCCI_001001001/ where Camel is listening.

Camel will take the message, do some work on it, and re-route it to:
http://mybroker.gov.ca/BR01/MCCI_001001001/


The server Camel is on will have access to our certificate authority.

I'm just not sure how to wire it all up. I'm developing this on a Windows
box, which is probably an issue as I'm not sure if Windows boxes can use the
same key store a Linux box can with Java.




--
View this message in context: 
http://camel.465427.n5.nabble.com/SSL-Server-Certs-and-Client-certificate-passthrough-tp5732925p5732972.html
Sent from the Camel - Users mailing list archive at Nabble.com.
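
The certificate mapping described in the message above, as an added example that is not part of the original post and is not Camel's own code: plain JSSE that maps the validated inbound client certificate to an alias in the proxy's key store and builds the `SSLContext` for the proxy-to-broker connection. The class name, the subject DNs and the aliases are hypothetical; it assumes the inbound connection already requires client authentication, that the peer certificate was taken from the TLS session, and that the proxy's key store holds the private key for every identity it presents.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.*;

public final class OutboundIdentity {
    // Hypothetical mapping: inbound subject DN (RFC 2253 form) -> alias in the proxy's key store.
    static final Map<String, String> ALIAS_BY_SUBJECT = Map.of(
        "CN=clinic-a,O=Example,C=CA", "clinic-a",
        "CN=clinic-b,O=Example,C=CA", "shared-broker-identity");

    /** Fail closed: a client without a mapping gets no outbound identity. */
    static String aliasFor(X509Certificate inboundClientCert) {
        String subject = inboundClientCert.getSubjectX500Principal().getName();
        String alias = ALIAS_BY_SUBJECT.get(subject);
        if (alias == null) throw new SecurityException("no outbound mapping for " + subject);
        return alias;
    }

    /** SSLContext for the proxy-to-broker leg that only ever presents the key stored under alias. */
    static SSLContext contextFor(KeyStore keys, char[] keyPass, KeyStore trust, String alias) throws Exception {
        if (!keys.isKeyEntry(alias)) throw new SecurityException("no private key for alias " + alias);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPass);
        X509KeyManager base = (X509KeyManager) kmf.getKeyManagers()[0];
        X509ExtendedKeyManager pinned = new X509ExtendedKeyManager() {
            public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return alias; }
            public String chooseEngineClientAlias(String[] t, Principal[] i, SSLEngine e) { return alias; }
            public String[] getClientAliases(String t, Principal[] i) { return new String[] {alias}; }
            public X509Certificate[] getCertificateChain(String a) { return base.getCertificateChain(a); }
            public PrivateKey getPrivateKey(String a) { return base.getPrivateKey(a); }
            public String chooseServerAlias(String t, Principal[] i, Socket s) { return null; }
            public String[] getServerAliases(String t, Principal[] i) { return null; }
        };
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust); // trust store holding the CA that issued the broker's server certificate
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] {pinned}, tmf.getTrustManagers(), null);
        return ctx;
    }
}
```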
