On 12/30/06, toadie D <[EMAIL PROTECTED]> wrote:
It is possible to use reverse proxy to pass a PEM Encoded Certificate as a HTTP header to a backend server.Make sure you have this directive in your config file SSLOptions +ExportCertData Then use mod_headers to set the header RequestHeader MY_CLIENT_CERT %{SSL_CLIENT_CERT}s You can find more info here http://httpd.apache.org/docs/2.2/mod/mod_ssl.html and here http://httpd.apache.org/docs/2.2/mod/mod_headers.html One caveat, depending on which version of apache you use (2.0.x or 2.2.x), the PEM encoded Certificate may across a bit strange (ie. not conforming to multiline HTTP header).
And not recognizable by backend application.
So you may see your header looking like this MY_CLIENT_CERT: ----- BEGIN CERTIFICATE -----[blanks no CRLF] [First line of base64 encoded data] [ blanks no CRLF ] [Second line of base64 encoded data] ..... ---- END CERTIFICATE -----
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
