I've never done this. But I think it would go something like this:

To make Tomcat take advantage of Client Authentication, you require three
certificates, i.e. a Server Certificate for Tomcat, a Client Certificate for the
browser/Apache, and the Certificate of the CA which will sign both of the
above-mentioned certificates.

Then you might need to import these into each other's trust/keystore.

Tomcat connector config would need to have something like this; note the
clientAuth="true":

<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           truststoreFile="path/to/truststorefile" truststorePass="password"
           keystoreFile="path/to/keystorefile" keystorePass="password"
           clientAuth="true" sslProtocol="TLSv1.2"
/>

Shawn Beard • Sr. Systems Engineer
Middleware Engineering
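
The Apache HTTPD (mod_ssl/mod_proxy) side of the same link, as an added example that is not part of the original message or the poster's configuration. The host name tomcat.example.internal, the file paths and the front-end certificate files are assumptions; port 8443 is the connector port shown above.

```apache
# Requires mod_ssl, mod_proxy and mod_proxy_http to be loaded.
<VirtualHost *:443>
    ServerName www.example.internal

    # Front-end TLS for browsers (unrelated to the back-end mutual TLS below).
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/frontend.crt
    SSLCertificateKeyFile /etc/httpd/tls/frontend.key

    # Enable TLS on proxied (back-end) connections.
    SSLProxyEngine on
    SSLProxyProtocol -all +TLSv1.2

    # Client certificate that httpd presents to Tomcat (clientAuth="true").
    # One PEM file holding the certificate followed by its private key;
    # the key must be unencrypted, so restrict the file to root (mode 0600).
    SSLProxyMachineCertificateFile /etc/httpd/tls/proxy-client.pem

    # CA that signed Tomcat's server certificate. Without
    # "SSLProxyVerify require" httpd does not validate the back-end
    # certificate at all (the default is "none").
    SSLProxyCACertificateFile /etc/httpd/tls/internal-ca.crt
    SSLProxyVerify require
    SSLProxyVerifyDepth 1

    # Reject a back-end certificate that is expired or whose CN/SAN does
    # not match the host name used in ProxyPass.
    SSLProxyCheckPeerName   on
    SSLProxyCheckPeerExpire on

    # Host name must match the Tomcat server certificate.
    ProxyPass        / https://tomcat.example.internal:8443/
    ProxyPassReverse / https://tomcat.example.internal:8443/
</VirtualHost>

# On the Tomcat side, truststoreFile should contain only the CA that
# issues the proxy client certificate: clientAuth="true" accepts any
# certificate that chains to a CA in that truststore.
```
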
-----Original Message-----
From: [email protected]
<[email protected]>
Sent: Thursday, June 2, 2022 1:21 PM
To: [email protected]
Subject: Question regarding Tomcat and Apache HTTPD Mod-proxy over SSL

I'm trying to figure out if there is a way to use certificates between Tomcat
and Apache for mutual authentication of the mod-proxy connection to Tomcat.
This would be similar to how you can set up the WebSphere plugin to
communicate with WebSphere over a mutually secured connection. Is this possible
with Apache HTTPD and Tomcat over mod-proxy?

Thanks,
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His
Middleware Product Engineering