am I mistaken?

David Lang

On Fri, 22 Apr 2005, Niccolo' Manfrini wrote:
Andrea Palmieri wrote:

I'm using Apache as a reverse proxy to hide several backend servers which host several applications:

  https://myapache/name1/application_a -> http://ipserver1/application_a
  https://myapache/name1/application_b -> http://ipserver1/application_b
  https://myapache/name2/application_c -> http://ipserver2/application_c

I'm using SSL client authentication with x509 certificates to authenticate users. I was wondering if I can use different CA certificate files (one for each back-end server) to authenticate users' client certificates.

Example:

  users accessing application_a are authenticated using CertCA1
  users accessing application_b are authenticated using CertCA1
  users accessing application_c are authenticated using CertCA2

The SSLCACertificateFile directive is used to set CA certificate files, but it can't be used within a <Location> context!

Any suggestion or idea is really appreciated.

Andrea

Maybe you can add to your DNS service configuration three CNAME values that point to your reverse proxy server name.

For example:

  application_a.mydomain.com, application_b.mydomain.com, application_c.mydomain.com

should resolve to:

  reverse_proxy.mydomain.com

Then append to your reverse proxy httpd.conf three VirtualHost definitions:

  <VirtualHost *:443>
      ServerName application_a.mydomain.com
      SSLEngine on
      SSLCertificateFile /etc/httpd/conf/ssl.crt/CertCA1.crt
      SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
      ProxyPass / http://myinternal_server/application_a/
      ProxyPassReverse / http://myinternal_server/application_a/
  </VirtualHost>

  <VirtualHost *:443>
      ServerName application_b.mydomain.com
      SSLEngine on
      SSLCertificateFile /etc/httpd/conf/ssl.crt/CertCA2.crt
      SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
      ProxyPass / http://myinternal_server/application_b/
      ProxyPassReverse / http://myinternal_server/application_b/
  </VirtualHost>

  <VirtualHost *:443>
      ServerName application_c.mydomain.com
      SSLEngine on
      SSLCertificateFile /etc/httpd/conf/ssl.crt/CertCA3.crt
      SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
      ProxyPass / http://myinternal_server/application_c/
      ProxyPassReverse / http://myinternal_server/application_c/
  </VirtualHost>

------------------------------------------
Niccolo' Manfrini
Protechta - Information Security
Tel. +39 0521 2021
Fax. +39 0521 207461
http://www.protechta.it/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
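
Added example, not part of the original thread or written by any of its posters: one way to get per-path CA separation on a single SSL virtual host is to trust both CAs at the virtual-host level and then restrict each <Location> by the issuer of the verified client certificate with mod_ssl's SSLRequire. The server certificate path, the combined CA bundle name, and the CA common names ("Example CA 1", "Example CA 2") are assumptions; the URL paths and backend hosts are the ones from Andrea's message.

```apache
<VirtualHost *:443>
    ServerName myapache
    SSLEngine on

    # The proxy's own certificate and key (server.crt is an assumed file name).
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

    # Assumed bundle: CertCA1 and CertCA2 concatenated in PEM format.
    # SSLCACertificateFile is only valid at server/virtual-host level,
    # so both CAs are trusted for the TLS handshake of this host.
    SSLCACertificateFile /etc/httpd/conf/ssl.crt/CertCA1-and-CertCA2.crt
    SSLVerifyClient require
    # Depth 1: the client certificate must be signed directly by a CA in
    # the bundle, so the issuer checked below is one of the two trusted CAs.
    SSLVerifyDepth 1

    ProxyPass        /name1/application_a http://ipserver1/application_a
    ProxyPassReverse /name1/application_a http://ipserver1/application_a
    ProxyPass        /name1/application_b http://ipserver1/application_b
    ProxyPassReverse /name1/application_b http://ipserver1/application_b
    ProxyPass        /name2/application_c http://ipserver2/application_c
    ProxyPassReverse /name2/application_c http://ipserver2/application_c

    # Per-path authorization on the issuer of the already verified
    # certificate. The CN values are placeholders for the real CA names.
    <Location /name1/application_a>
        SSLRequire %{SSL_CLIENT_I_DN_CN} eq "Example CA 1"
    </Location>
    <Location /name1/application_b>
        SSLRequire %{SSL_CLIENT_I_DN_CN} eq "Example CA 1"
    </Location>
    <Location /name2/application_c>
        SSLRequire %{SSL_CLIENT_I_DN_CN} eq "Example CA 2"
    </Location>
</VirtualHost>
```

The issuer match is only meaningful because the chain has already been verified against the bundle; the two CAs must have distinct common names, and a path with no SSLRequire accepts certificates from either CA.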