httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joost de Heer" <sang...@xs4all.nl>
Subject Re: [users@httpd] Can reverse proxy forward digital certificates.
Date Thu, 04 Aug 2005 13:50:18 GMT
>>Hello everybody.
>>
>>Could somebody help me with the following question:
>>
>>In a scenario like this.
>>
>>Client <-----------HTTS----------->Apache reverse
>> proxy<--------------HTTPS------------->Backend
>>
>>Can the reverse proxy fordward the Client Digital certificate to the
>> Backend?
>>If so, what directives do I have  to configure?

The only way to have real client certificate authentication is by setting
the SSLProxyMachineCertificateFile directive. But that is fairly limiting,
since the proxy then has a list of client certificates to use, and it
basically ignores the client certificate sent by the client. The only
other possibility is to have the client certificate authentication on the
reverse proxy. Other methods (like sending a header with the DN) don't
actually authenticate with a client certificate.

You could also use SSLUserName (requires Apache 2.0.51) to use basic
authentication based on client certificate properties.

Joost


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message