Ok, so in short it's not possible to mutually authenticate the mod-proxy and a tomcat connector, correct?
I'm needing to convert an ajp configuration to mod-proxy, but a security architect wants the other as well.

Thanks,

________________________________
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Jun 2, 2022 5:05 PM
To: users@tomcat.apache.org
Subject: Re: Question regarding Tomcat and Apache HTTPD Mod-proxy over SSL [EXTERNAL]

On 6/2/22 14:38, Beard, Shawn wrote:
> I've never done this. But I think it would go something like this:
> To make tomcat take advantage of Client Authentication, require three
> certificates. i.e A Server Certificate for Tomcat, Client Certificate
> for the browser/Apache and Certificate of the CA which will sign both
> the above mentioned certificates.

Stop.

John: if you aren't using client TLS certs with your end-users, then this is a rathole you don't want to go down.

If you *do* need to use client-TLS-auth, then this is correct.

-chris