It is possible to use reverse proxy to pass a PEM Encoded Certificate as a
HTTP header to a backend server.
Make sure you have this directive in your config file
SSLOptions +ExportCertData
Then use mod_headers to set the header
RequestHeader MY_CLIENT_CERT %{SSL_CLIENT_CERT}s
You can find more info here
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html and
here http://httpd.apache.org/docs/2.2/mod/mod_headers.html
One caveat, depending on which version of apache you use (2.0.x or 2.2.x),
the PEM encoded Certificate may across a bit strange (ie. not conforming to
multiline HTTP header). So you may see your header looking like this
MY_CLIENT_CERT: ----- BEGIN CERTIFICATE -----[blanks no CRLF] [First line of
base64 encoded data] [ blanks no CRLF ] [Second line of base64 encoded data]
..... ---- END CERTIFICATE -----
