I did uncomment that earlier this morning...
SSLOptions +StdEnvVars +ExportCertData
And it blew up Jetty, nice huh?
Could the way I have my ordering things in httpd.conf and httpd-ssl.conf
be throwing something off?
Where the httpd-ssl.conf comes first in the httpd.conf, before the
acutual mod_jk stuff?
Thanks for your responses, I appreciate your help
>-----Original Message-----
>From: Serge Dubrouski [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, November 28, 2006 10:53 AM
>To: users@httpd.apache.org
>Subject: Re: [EMAIL PROTECTED] Apache, mod_jk, client
>certificates, and Jetty
>
>On 11/28/06, Lucuk, Pete <[EMAIL PROTECTED]> wrote:
>>
>> I am trying to perform the following...
>>
>>
>Browser_client_with_client_certificate<--https-->apache_with_mod_jk<--
>> ht
>> tps-->Jetty
>>
>> Also, the browser client is passing a client certificate that I want
>> Jetty to have access to perform A&A.
>>
>> Browser version = IE 6
>> Apache version = 2.2.3
>> Mod_jk version = 1.2.19
>> Jetty version = 4.2.9
>>
>> I CAN get the full round trip working under HTTPS, that is not a
>> problem.
>> I CAN *** NOT *** get Jetty to have access to the client
>certificate,
>> Jetty states that it can not find the client certificate.
>>
>> I am confident that Jetty is configured for AJP (round trip in HTTPS
>> work)and client certificates (when the
>> Browser_client_with_client_certificate hits it directly, it works).
>>
>>
>> Not sure if it is a config thing on apache/mod_jk or what.
>>
>>
>> Below is my Apache and mod_jk config, any ideas???...
>>
>> ###########################################################
>> In my httpd.conf file I have the following...
>>
>> # Secure (SSL/TLS) connections
>> Include conf/extra/httpd-ssl.conf
>>
>> <IfModule !mod_jk.c>
>>
>> #LoadModule jk_module modules/mod_jk.so
>> LoadModule jk_module
>> modules/mod_jk-1.2.19-apache-2.2.3-solaris-sparc.so
>>
>> </IfModule>
>>
>>
>> <IfModule mod_jk.c>
>>
>> JkWorkersFile "conf/worker.properties"
>>
>> JkLogFile "logs/mod_jk.log"
>>
>> JkLogLevel info
>>
>> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>>
>> JkOptions +ForwardKeySize +ForwardURICompat
>>
>> JkExtractSSL On
>> # What is the indicator for SSL (default is HTTPS) JkHTTPSIndicator
>> HTTPS # What is the indicator for SSL session (default is
>> SSL_SESSION_ID) JkSESSIONIndicator SSL_SESSION_ID # What is the
>> indicator for client SSL cipher suit (default is
>> SSL_CIPHER)
>> JkCIPHERIndicator SSL_CIPHER
>> # What is the indicator for the client SSL certificated (default is
>> SSL_CLIENT_CERT)
>> JkCERTSIndicator SSL_CLIENT_CERT
>>
>> </IfModule>
>>
>> ###########################################################
>> In my worker.properties I have...
>>
>> worker.list=jetty
>>
>> #worker.jetty.port=8009
>> worker.jetty.port=5309
>>
>> worker.jetty.host=servera
>>
>> worker.jetty.type=ajp13
>>
>> worker.jetty.lbfactor=1
>>
>>
>> ###########################################################
>> In my httpd-ssl.conf I have...
>>
>> <VirtualHost _default_:5443>
>>
>> #SSLOptions +StdEnvVars +ExportCertData
>
>Uncomment this.
>
>>
>> JkMount /* jetty
>>
>> # General setup for the virtual host
>> DocumentRoot "/data/dir/dir/tools/web/apache/server/htdocs"
>> ServerName kftcsu14.ftc.lab:5443
>> ServerAdmin [EMAIL PROTECTED]
>> ErrorLog /data/dir/dir/tools/web/apache/server/logs/error_log
>> TransferLog /data/dir/dir/tools/web/apache/server/logs/access_log
>>
>> # SSL Engine Switch:
>> # Enable/Disable SSL for this virtual host.
>> SSLEngine on
>>
>> SSLProxyEngine on
>>
>> SSLCipherSuite
>> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>>
>> SSLCertificateFile /data/dir/dir/tools/web/apache/ssl/bin/cacert.pem
>> SSLCertificateKeyFile
>> /data/dir/dir/tools/web/apache/ssl/bin/privkey.pem
>>
>> SSLCACertificateFile
>> /data/dir/dir/tools/web/apache/ssl/bin/public_ca.pem
>> SSLVerifyClient optional
>>
>>
>> </VirtualHost>
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP
>Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> " from the digest: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: [EMAIL PROTECTED]
> " from the digest: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
