What is the backend serverf? If it's Tomcat or JBoss I'd suggest to use AJP connector that allows to pass client certificates to backend. On 11/22/06, Lucuk, Pete <pete.lucuk@xxxxxxx> wrote:
Hello, I currently have a HTTPS reverse proxy setup and it works like a champ! I am trying to pass the client cert from the reverse proxy to the backend server in the headers like so... RewriteCond %{SSL:SSL_CLIENT_CERT} (.*) RewriteRule .* - [E=SSLCC:%1] RequestHeader add X-SSL-Client-Cert %{SSLCC}e RewriteRule ^/https(.*)$ https://kftcsu09.ftc.lab:6443/$1 [P,L] Problem is, on the backend server that receives the request with client cert. in the headers it looks like this... XXX "-----BEGIN CERTIFICATE-----" XXX 10.0.0.114 - - [21/Nov/2006:16:15:02 -0500] "GET / HTTP/1.1" 200 4855 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" I only get the FIRST line of the client certificate... -----BEGIN CERTIFICATE----- And NOT the whole thing like... -----BEGIN CERTIFICATE----- MIIDhjCCAm6gAwIBAgIQZ/IVv3ytMJxL1k62UAK1aDANBgkqhkiG9w0BAQUFADAY Stuff, stuff, stuff, CnsoGAWH1LHipceWTVaxAh+ZlmP9iwjD6+i7oGSFnuNT9iKBrRXHQuZt -----END CERTIFICATE----- I am assuming that the newlines in the client certificate on the reverse proxy are hosing up sending the WHOLE client certificate. How do I fix this problem? Do I try to take out the new lines in rewrite somehow?, how do I do that, I have no clue. Do I try to do something else? What and how? I have searched and could not find anything. Thanks much for you help, I appreciate it. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx