Re: Mutual authentication between Apache HTTP server and an application server.

On Mon, Feb 12, 2018 at 5:16 PM, Naveen Nandyala - Vendor
<Naveen.Nandyala@xxxxxxxxxxx> wrote:
>
> Below is my vhost entry.
>
> <VirtualHost *>
>     ServerName Virtual:443
>     SetEnv vhostname virtual
>     Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; HttpOnly;secure" env=BALANCER_ROUTE_CHANGED
>     Include <PROXY FILE>
>     Include /u/applic/tc/HTTP/config/conf/secure.conf
>     SSLCertificateFile /u/applic/tc/HTTP/config/ssl/Apachecertificate.pem
>     SSLCertificateKeyFile /u/applic/tc/HTTP/config/ssl/Apachecertificate.key
>     SSLProxyEngine on
>     SSLProxyCACertificateFile /tmp/was.crt
>     SSLProxyVerify require
>     SSLProxyVerifyDepth 2
> </VirtualHost>
>
> From the beginning, all I was looking for is mutual authentication between Apache and the WebSphere application server.
> I've added the Apachecertificate root certificate in WAS, which is 3rd-party signed.

For now there is no SSLProxyMachineCertificateFile in your
configuration (because we asked you to care only about the proxy
authenticating the server), so in the meantime you should also disable
SSLVerifyClient on the WebSphere side (otherwise it will ask for a
client certificate which the proxy doesn't provide yet).

I tried the above with a self signed cert for
SSLProxyCACertificateFile and it worked.

Once it also works in your case, you can then configure the proxy to
send its certificate+key when requested to:
- SSLProxyMachineCertificateFile /path/to/proxy.crt+key

And re-enable client authentication on WebSphere:
- SSLVerifyClient on
- SSLCACertificateFile /path/to/proxy.ca.crt


Regards,
Yann.
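
A small checker for the two-stage procedure in the reply above, as an added example that is not part of the original message or of Apache httpd: it reads a vhost body and reports whether the proxy verifies the backend (stage 1) and whether it also has a client certificate to present (stage 2). The function names, the stage numbering and the warning about files under /tmp are this example's own assumptions; `Include` files are not followed, and the sample is the quoted vhost, trimmed.

```python
# Vhost from the thread (trimmed), still carrying its e-mail quoting.
THREAD_VHOST = """\
> <VirtualHost *>
>     ServerName Virtual:443
>     Include /u/applic/tc/HTTP/config/conf/secure.conf
>     SSLCertificateFile /u/applic/tc/HTTP/config/ssl/Apachecertificate.pem
>     SSLCertificateKeyFile /u/applic/tc/HTTP/config/ssl/Apachecertificate.key
> SSLProxyEngine on
> SSLProxyCACertificateFile /tmp/was.crt
> SSLProxyVerify require
> SSLProxyVerifyDepth  2
> </VirtualHost>
"""

def parse_directives(text):
    """Map lower-cased directive name -> argument string (last one wins)."""
    found = {}
    for raw in text.splitlines():
        line = raw.lstrip("> \t").strip()      # drop e-mail quoting and indent
        if not line or line[0] in "#<":        # skip comments and section tags
            continue
        parts = line.split(None, 1)
        found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def audit_proxy_mtls(text):
    """Return (stage, findings): 0 = backend not verified, 1 = proxy verifies
    the backend only, 2 = proxy also has a client certificate to present."""
    d = parse_directives(text)
    ca = d.get("sslproxycacertificatefile")
    machine = d.get("sslproxymachinecertificatefile")
    stage1, findings = [], []
    if d.get("sslproxyengine", "off").lower() != "on":
        stage1.append("SSLProxyEngine is not on")
    if d.get("sslproxyverify", "none").lower() != "require":
        stage1.append("SSLProxyVerify is not 'require'")
    if not ca:
        stage1.append("SSLProxyCACertificateFile is missing")
    if not machine:
        findings.append("SSLProxyMachineCertificateFile is missing: no client certificate to send")
    for name, path in (("SSLProxyCACertificateFile", ca),
                       ("SSLProxyMachineCertificateFile", machine)):
        if path and path.startswith(("/tmp/", "/var/tmp/")):   # example policy, an assumption
            findings.append(f"{name} {path} is under a world-writable directory")
    stage = 0 if stage1 else (2 if machine else 1)
    return stage, stage1 + findings

if __name__ == "__main__":
    print(audit_proxy_mtls(THREAD_VHOST))
```

A stage 1 result matches the point in the thread where client authentication on the backend should still be disabled; stage 2 with no findings is the point where it can be re-enabled.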
