On 11/28/06, Lucuk, Pete <pete.lucuk@xxxxxxx> wrote:
I am trying to perform the following... Browser_client_with_client_certificate<--https-->apache_with_mod_jk<--ht tps-->Jetty Also, the browser client is passing a client certificate that I want Jetty to have access to perform A&A. Browser version = IE 6 Apache version = 2.2.3 Mod_jk version = 1.2.19 Jetty version = 4.2.9 I CAN get the full round trip working under HTTPS, that is not a problem. I CAN *** NOT *** get Jetty to have access to the client certificate, Jetty states that it can not find the client certificate. I am confident that Jetty is configured for AJP (round trip in HTTPS work)and client certificates (when the Browser_client_with_client_certificate hits it directly, it works). Not sure if it is a config thing on apache/mod_jk or what. Below is my Apache and mod_jk config, any ideas???... ########################################################### In my httpd.conf file I have the following... # Secure (SSL/TLS) connections Include conf/extra/httpd-ssl.conf <IfModule !mod_jk.c> #LoadModule jk_module modules/mod_jk.so LoadModule jk_module modules/mod_jk-1.2.19-apache-2.2.3-solaris-sparc.so </IfModule> <IfModule mod_jk.c> JkWorkersFile "conf/worker.properties" JkLogFile "logs/mod_jk.log" JkLogLevel info JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " JkOptions +ForwardKeySize +ForwardURICompat JkExtractSSL On # What is the indicator for SSL (default is HTTPS) JkHTTPSIndicator HTTPS # What is the indicator for SSL session (default is SSL_SESSION_ID) JkSESSIONIndicator SSL_SESSION_ID # What is the indicator for client SSL cipher suit (default is SSL_CIPHER) JkCIPHERIndicator SSL_CIPHER # What is the indicator for the client SSL certificated (default is SSL_CLIENT_CERT) JkCERTSIndicator SSL_CLIENT_CERT </IfModule> ########################################################### In my worker.properties I have... worker.list=jetty #worker.jetty.port=8009 worker.jetty.port=5309 worker.jetty.host=servera worker.jetty.type=ajp13 worker.jetty.lbfactor=1 ########################################################### In my httpd-ssl.conf I have... <VirtualHost _default_:5443> #SSLOptions +StdEnvVars +ExportCertData
Uncomment this.
JkMount /* jetty # General setup for the virtual host DocumentRoot "/data/dir/dir/tools/web/apache/server/htdocs" ServerName kftcsu14.ftc.lab:5443 ServerAdmin you@xxxxxxxxxxx ErrorLog /data/dir/dir/tools/web/apache/server/logs/error_log TransferLog /data/dir/dir/tools/web/apache/server/logs/access_log # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on SSLProxyEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /data/dir/dir/tools/web/apache/ssl/bin/cacert.pem SSLCertificateKeyFile /data/dir/dir/tools/web/apache/ssl/bin/privkey.pem SSLCACertificateFile /data/dir/dir/tools/web/apache/ssl/bin/public_ca.pem SSLVerifyClient optional </VirtualHost> --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|