www-modproxy-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@fnmt.es
Subject Re: Proxying client certificate
Date Fri, 04 Oct 2002 13:49:58 GMT

Thanks a lot!

It's very helpful for me.


Miguel Ángel.

Manon Goo <manon@manon.de>
04/10/2002 13:05

Por favor, responda a modproxy-dev@apache.org; Por favor, responda a Manon Goo

Destinatarios:     modproxy-dev@apache.org
CC:      (cci: Miguel Ángel Peña Piñón/Madrid/FNMT)

Asunto:   Re: Proxying client certificate

I do not know if this works
but I would try using mod_rewrite
and rewrite
/ to http://user@realhost/

Where user is extracted from the x509 DN

--On Freitag, 4. Oktober 2002 8:46 Uhr +0200 mapp@fnmt.es wrote:

> Hello all,
> I'm trying to do the following and I don't success:
> I want to authenticate users against a Apache 2.0.40 proxy using SSL with
> client certificate authentication. Beyond the proxy, there is a Web
> server in militarized zone and I want to forward the X.509v3 user
> certificate to this Web server, in order to perform access control.
> I have tried to configure the proxy with SSL and client authentication
> using certs and the Web server with SSL (without authentication) and, of
> course, this doesn't work since two different SSL contexts are
> established: Browser->Proxy and  Proxy->SSL, so the information about the
> SSL channel in the Web server has nothing to do with the browser -> the
> server doesn't receive the user certificate.
> I have also tried to configure the proxy with SSL and client
> authentication with certs and the Web server without SSL. This works but,
> obviously, the information about the SSL channel established between the
> browser and the proxy is not forwarded to the Web server.
> I've set "SSLOptions" to  "+StdEnvVars +CompatEnvVars +ExportCertData"
> in the proxy and I wonder if it is possible to forward the environment
> variables from the proxy to the Web server.
> Can any of you give me any ideas?
> Thanks in advance,
> Miguel Ángel Peña.

View raw message