>>Hello everybody. >> >>Could somebody help me with the following question: >> >>In a scenario like this. >> >>Client <-----------HTTS----------->Apache reverse >> proxy<--------------HTTPS------------->Backend >> >>Can the reverse proxy fordward the Client Digital certificate to the >> Backend? >>If so, what directives do I have to configure? The only way to have real client certificate authentication is by setting the SSLProxyMachineCertificateFile directive. But that is fairly limiting, since the proxy then has a list of client certificates to use, and it basically ignores the client certificate sent by the client. The only other possibility is to have the client certificate authentication on the reverse proxy. Other methods (like sending a header with the DN) don't actually authenticate with a client certificate. You could also use SSLUserName (requires Apache 2.0.51) to use basic authentication based on client certificate properties. Joost --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|