That was my thought also, but wouldn’t that then require the end users to also have certificates? Or would it just be Apache HTTPD? Basically the end user's connection terminates at the proxy, and the proxy uses its own connection to pass it through. Is that right?

Jon McAlexander
Senior Infrastructure Engineer, Asst. Vice President
Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

From: Beard, Shawn <sbe...@wrberkley.com.INVALID>
Sent: Thursday, June 2, 2022 1:39 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: RE: Question regarding Tomcat and Apache HTTPD Mod-proxy over SSL [EXTERNAL]

I've never done this. But I think it would go something like this:

To make Tomcat take advantage of client authentication, you require three certificates, i.e. a server certificate for Tomcat, a client certificate for the browser/Apache, and the certificate of the CA which will sign both of the above-mentioned certificates. Then you might need to import these into each other's trust/keystore.

The Tomcat connector config would need to have something like this; note the clientAuth="true":

    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true"
               scheme="https"
               secure="true"
               truststoreFile="path/to/truststorefile"
               truststorePass="password"
               keystoreFile="path/to/keystorefile"
               keystorePass="password"
               clientAuth="true"
               sslProtocol="TLSv1.2" />

Shawn Beard
Sr. Systems Engineer
Middleware Engineering

-----Original Message-----
From: jonmcalexan...@wellsfargo.com.INVALID
Sent: Thursday, June 2, 2022 1:21 PM
To: users@tomcat.apache.org
Subject: Question regarding Tomcat and Apache HTTPD Mod-proxy over SSL [EXTERNAL]

I'm trying to figure out if there is a way to use certificates between Tomcat and Apache for mutual authentication of the mod-proxy connection to Tomcat. This would be similar to how you can set up the WebSphere plugin to communicate with WebSphere over a mutually secured connection. Is this possible with Apache HTTPD and Tomcat over mod-proxy?

Thanks,
Jon McAlexander
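
The httpd half of the setup discussed in this thread, as an added example that is not part of any message on the list: mod_ssl's SSLProxy* directives make httpd present its own client certificate to the Tomcat connector, while the browser-facing side requests none. The hostnames and file paths are placeholders chosen for illustration.

```apache
# Added example: httpd side of a mutually authenticated mod_proxy -> Tomcat hop.
# Hostnames and file paths are placeholders (assumptions), not from the thread.
# Requires mod_ssl, mod_proxy and mod_proxy_http to be loaded.
<VirtualHost *:443>
    ServerName www.example.com

    # Browser-facing TLS. SSLVerifyClient is left at its default (none),
    # so end users are never asked for a certificate.
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/frontend.crt
    SSLCertificateKeyFile /etc/httpd/tls/frontend.key

    # Back-end TLS: on this hop httpd is the TLS client and Tomcat the server.
    SSLProxyEngine on
    SSLProxyProtocol TLSv1.2

    # httpd's own client certificate plus its unencrypted private key,
    # concatenated in one PEM file. Tomcat validates this certificate
    # against its truststore when the connector has clientAuth="true".
    SSLProxyMachineCertificateFile /etc/httpd/tls/proxy-client.pem

    # Authenticate Tomcat in the other direction: its server certificate
    # must chain to the internal CA, be unexpired, and carry a name that
    # matches the host used in ProxyPass below.
    SSLProxyCACertificateFile /etc/httpd/tls/internal-ca.crt
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Port 8443 is the connector port from the Tomcat config in the thread.
    ProxyPass        /app https://tomcat.internal.example:8443/app
    ProxyPassReverse /app https://tomcat.internal.example:8443/app
</VirtualHost>
```

With clientAuth="true", Tomcat accepts any certificate that chains to a CA in its truststore, so that truststore should hold only the CA that issues the proxy's certificate.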