Hi everybody,

I'm currently configuring mutual authentication between an Apache 2.2 reverse proxy and another backend web server product.
The link channel is:

User BROWSER --HTTPS(simple auth)--> Reverse Proxy (Apache2.2) --> HTTPS(mutual auth) --> Backend webserver

The client certificate I use has been signed by an intermediate authority (the chain is composed of 4 CAs). Unfortunately, the backend server can only send the top-level CA's DN in the "Acceptable client certificate CA names" as part of the TLS proposal process.

Moreover, it seems that Apache 2.2 needs all the DNs of the CA authorities that constitute the CA chain in this proposal.
Actually, if that's not the case, Apache 2.2 does not select any certificate:

>> Proxy client certificate callback: (mywebsite.mydomain.com:443) no client certificate found!?

This config works great when the backend server is also an Apache 2.2 web server.


So first, is this correct? And if it's not, what do I need to configure on the web server in order to make it work?


Thanks in advance,


PS:

Below is some of my reverse proxy vhost config:

SSLEngine on
SSLCertificateFile my_ssl_server_certificate.crt
SSLCertificateKeyFile my_ssl_server_key.key
SSLCACertificateFile my_ssl_server_ca.pem

SSLProxyEngine on
SSLProxyMachineCertificateFile my_ssl_client_cert_and_key.pem
SSLProxyVerify require
SSLProxyVerifyDepth 3
SSLProxyCACertificateFile backend_ca_cert.pem


François S.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
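
An added example, not part of the original post and not mod_ssl code: a small Python model of the behaviour the post describes, useful for checking a client certificate against the "Acceptable client certificate CA names" a backend sends. It assumes the proxy offers a certificate only when the certificate's direct issuer DN appears in that list; all DNs and the helper names are constructed for illustration.

```python
# Constructed sample DNs: a 4-CA chain like the one in the post (not real CAs).
CHAIN = [
    "CN=Example Root CA,O=Example,C=FR",
    "CN=Example Policy CA,O=Example,C=FR",
    "CN=Example Sub CA,O=Example,C=FR",
    "CN=Example Issuing CA,O=Example,C=FR",
]
CLIENT_CERTS = [{"subject": "CN=reverse-proxy,O=Example,C=FR", "issuer": CHAIN[3]}]


def normalize(dn):
    """Compare DNs as RDN tuples, ignoring spacing and attribute-type case.
    Simplification: values containing escaped ',' or '=' are not handled."""
    rdns = (rdn.split("=", 1) for rdn in dn.split(","))
    return tuple((k.strip().upper(), v.strip()) for k, v in rdns)


def select_client_cert(acceptable_ca_names, client_certs):
    """Return the first cert whose direct issuer DN is in the backend's list.

    Assumption (labelled, not taken from the post): only the direct issuer is
    compared, and an empty list means "no preference", so the first cert is sent.
    """
    if not client_certs:
        return None
    if not acceptable_ca_names:
        return client_certs[0]
    wanted = {normalize(dn) for dn in acceptable_ca_names}
    for cert in client_certs:
        if normalize(cert["issuer"]) in wanted:
            return cert
    return None


def explain(acceptable_ca_names, cert, chain):
    """Show why selection fails: which DNs of the chain the backend listed."""
    wanted = {normalize(dn) for dn in acceptable_ca_names}
    return {
        "direct_issuer_listed": normalize(cert["issuer"]) in wanted,
        "chain_dns_listed": [dn for dn in chain if normalize(dn) in wanted],
    }


if __name__ == "__main__":
    root_only = [CHAIN[0]]  # backend advertises only the top-level CA
    print(select_client_cert(root_only, CLIENT_CERTS))      # no certificate offered
    print(explain(root_only, CLIENT_CERTS[0], CHAIN))       # root listed, issuer not
    print(select_client_cert(CHAIN, CLIENT_CERTS))          # all CA DNs advertised
```

The real list a backend advertises can be read from the "Acceptable client certificate CA names" section of `openssl s_client -connect host:443` output, and the certificate's issuer from `openssl x509 -noout -issuer`.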
