Re: [users@httpd] Apache and client certs

Tue, 02 Jan 2007 06:34:11 -0800 

On 1/2/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:



Thanks a lot!
I've just tested WebSphere PlugIn, but the result is the same as using
reverse proxy for contact the backend server. It desn't work!!!!

I think that the only solution in a short time for me is to modify my
webapplication.
I can made my application asking for client cetificate in the web.xml but
I don't like it very much!!!!

Is there something else could you suggest me?

If, for example, I could using Tomcat instead of WebSphere, are you sure I
will be able to pass client certificate information to the application
server only using mod_ssl and mod_proxy or....... have I to add mod_jk too?




You'll have to use mod_jk.

Please let me know.


Thanks


manuciao


  *"Serge Dubrouski" <[EMAIL PROTECTED]>*

30/12/2006 16.32   Please respond to
users@httpd.apache.org

   To
users@httpd.apache.org  cc
  Subject
Re: [EMAIL PROTECTED] Apache and client certs




On 12/30/06, toadie D <[EMAIL PROTECTED]> wrote:
> It is possible to use reverse proxy to pass a PEM Encoded Certificate as
a
> HTTP header to a backend server.
>
> Make sure you have this directive in your config file
>
> SSLOptions +ExportCertData
>
> Then use mod_headers to  set the header
>
> RequestHeader MY_CLIENT_CERT %{SSL_CLIENT_CERT}s
>
>
> You can find more info here
> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html and
> here  http://httpd.apache.org/docs/2.2/mod/mod_headers.html
>
> One caveat, depending on which version of apache you use (2.0.x or 2.2.x
),
> the PEM encoded Certificate may across a bit strange (ie.  not
conforming to
> multiline HTTP header).

And not recognizable by backend application.

> So you may see your header looking like this
>
> MY_CLIENT_CERT: ----- BEGIN CERTIFICATE -----[blanks no CRLF] [First
line of
> base64 encoded data] [ blanks no CRLF ] [Second line of base64 encoded
data]
> .....  ---- END CERTIFICATE -----
>
>
>
>
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

















    











					Reply via email to