-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Diago,
On 1/24/17 4:41 PM, Christopher Schultz wrote: > Diago, > > On 1/24/17 11:40 AM, Macca, Diego wrote: >> On 1/24/17 8:24 AM, Macca, Diego wrote: >>>> Has somebody of you ever tried to configure certificate >>>> mutual authentication between a MS IIS webserver and a >>>> Tomcat instance? > >>> You want IIS to present a client certificate to Tomcat? Tomcat >>> shouldn't have a problem with that. > >> Yes, that's what I need. Tomcat does not have any problem and it >> works well with Apache. It seems that IIS is not able to >> present the certificate when I configure it as reverse proxy (so >> when it should act as a client). > >>>> Does somebody know if this is even possible in IIS ? > >>> You'd have to configure IIS's HTTP proxy to use a client >>> certificate. > >> Do you know how to configure it ? I mean, IIS does the reverse >> proxy things but I need it also to send the present to Tomcat. > > I don't know at all how to configure it, unfortunately. > > Do you need to have IIS *forward* the actual client's certificate > to Tomcat, or do you want to use a static client cert just from > IIS? If you want to forward the cert, you might find this useful: > https://blogs.msdn.microsoft.com/asiatech/2014/01/27/configuring-arr-w it > > h-client-certificate/ If you want to install a single certificate into the reverse-proxy, perhaps this can help: https://blogs.msdn.microsoft.com/benjaminperkins/2014/06/02/configure-ap plication-request-routing-arr-with-client-certificates/ - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYh8sEAAoJEBzwKT+lPKRYV2sQAJ5dSq7UkrBeaiipMS9VCuPm 1925yNm22ewsPnwNAZ5Vo9koRXbYAg/AVMAHgf1Ge8umrTYAByfno2gtTcuBtJEb DBHlm+9uPI+UZdbTs+GsdfW11nCYFc2DFy0cwDewO+N57h26Ji8MLtbd0SwVtYWG LxwA3chdX6pFc1Q1SlEF0XUT89TNZHL1OJUk5QgY4IxwQHOjqKq+dBv5SmgrEeSp rGkkzL+hL6AGjt4JmT1z+lnSiCZryO1Sn8gEuD8b+bob8t9S4Gmsg2/clVYNdvwL nfvpQYTkuZNawaUQCLmMfGoiLf3c6e3expTB09mtOKZA43c6hLXG9lKaI1/A/kOy Z34S3Uriy+NZaFjyClrrY7AvjjgENS4hQoElDdXXk3PFqOQRz5mSUKQAi1ksM9aK wyC8EYLaME2nO18KpIDcCrJCXTdwPBZCRWqu8QR26Vz0cLlqxd/B7WZLaiJgjzlN 1DZkAgVYdb0UFmbg/d012CVRlsMlMcs6tPaVoh8I8cB80wl/A6s6kQ6xCpGBDmto yfA4rl7STfou/868kx5NZ2/msJvs2DD909RNBbZ625aYTtLash82ttwLX42uTiAp JFJr/wnhGSCibfxmDjVEOoxMIbHTGm1PHF2yvi55aDTF9IyC32JSmlvncI5tedrI l+TLRr57yPiAJ6tOh+5R =ZSq/ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org