Re: Apache, mod_jk, client certificates, and Jetty


 



On 11/28/06, Lucuk, Pete <pete.lucuk@xxxxxxx> wrote:

I am trying to perform the following...

Browser_client_with_client_certificate<--https-->apache_with_mod_jk<--https-->Jetty

Also, the browser client is passing a client certificate that I want
Jetty to have access to perform A&A.

Browser version = IE 6
Apache version = 2.2.3
Mod_jk version = 1.2.19
Jetty version = 4.2.9

I CAN get the full round trip working under HTTPS, that is not a
problem.
I CAN *** NOT *** get Jetty to have access to the client certificate,
Jetty states that it can not find the client certificate.

I am confident that Jetty is configured for AJP (round trip in HTTPS
works) and client certificates (when the
Browser_client_with_client_certificate hits it directly, it works).


Not sure if it is a config thing on apache/mod_jk or what.


Below is my Apache and mod_jk config, any ideas???...

###########################################################
In my httpd.conf file I have the following...

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

<IfModule !mod_jk.c>

  #LoadModule jk_module  modules/mod_jk.so
  LoadModule jk_module modules/mod_jk-1.2.19-apache-2.2.3-solaris-sparc.so

</IfModule>


<IfModule mod_jk.c>

  JkWorkersFile "conf/worker.properties"

  JkLogFile "logs/mod_jk.log"

  JkLogLevel info

  JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

  JkOptions +ForwardKeySize +ForwardURICompat

JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificated (default is SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT

</IfModule>

###########################################################
In my worker.properties I have...

worker.list=jetty

#worker.jetty.port=8009
worker.jetty.port=5309

worker.jetty.host=servera

worker.jetty.type=ajp13

worker.jetty.lbfactor=1


###########################################################
In my httpd-ssl.conf I have...

<VirtualHost _default_:5443>

#SSLOptions +StdEnvVars +ExportCertData

Uncomment this.


JkMount /* jetty

#   General setup for the virtual host
DocumentRoot "/data/dir/dir/tools/web/apache/server/htdocs"
ServerName kftcsu14.ftc.lab:5443
ServerAdmin you@xxxxxxxxxxx
ErrorLog /data/dir/dir/tools/web/apache/server/logs/error_log
TransferLog /data/dir/dir/tools/web/apache/server/logs/access_log

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

SSLProxyEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /data/dir/dir/tools/web/apache/ssl/bin/cacert.pem
SSLCertificateKeyFile /data/dir/dir/tools/web/apache/ssl/bin/privkey.pem

SSLCACertificateFile /data/dir/dir/tools/web/apache/ssl/bin/public_ca.pem
SSLVerifyClient optional


</VirtualHost>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
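
An added example (not from this thread or from the Apache or mod_jk projects): a small Python check that reads Apache config text and reports, for each VirtualHost with an active JkMount, whether the mod_ssl options that export SSL_CLIENT_CERT for mod_jk are enabled. The sample config is constructed from the one quoted above; `audit_vhosts` and `findings` are hypothetical names, and server-wide SSLOptions set outside a VirtualHost are not considered.

```python
import re

# Constructed sample modelled on the httpd-ssl.conf quoted in this thread.
SAMPLE = """\
<VirtualHost _default_:5443>
#SSLOptions +StdEnvVars +ExportCertData
JkMount /* jetty
SSLEngine on
SSLVerifyClient optional
</VirtualHost>
"""

def findings(opts, verify):
    """Turn a vhost's active SSLOptions and SSLVerifyClient level into findings."""
    out = []
    if "exportcertdata" not in opts:
        out.append("no-ExportCertData: SSL_CLIENT_CERT is not exported, mod_jk has no certificate to forward")
    if "stdenvvars" not in opts:
        out.append("no-StdEnvVars: SSL_CIPHER and SSL_SESSION_ID are not exported")
    if verify == "none":  # mod_ssl default when the directive is absent
        out.append("verify-none: Apache never requests a client certificate")
    elif verify.startswith("optional"):
        out.append("verify-optional: requests without a certificate still reach the backend")
    return out

def audit_vhosts(conf_text):
    """Map each VirtualHost that has an active JkMount to its list of findings."""
    results, vhost = {}, None
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or commented-out directive: inactive
        name, args = parts[0].lower(), parts[1:]
        if name == "<virtualhost" and args:
            vhost = {"addr": args[0].rstrip(">"), "jk": False, "opts": set(), "verify": "none"}
        elif vhost is None:
            continue  # directives outside a VirtualHost are ignored here
        elif name == "</virtualhost>":
            if vhost["jk"]:
                results[vhost["addr"]] = findings(vhost["opts"], vhost["verify"])
            vhost = None
        elif name == "jkmount":
            vhost["jk"] = True
        elif name == "ssloptions":
            if any(a[0] not in "+-" for a in args):
                vhost["opts"].clear()  # unprefixed options replace the current set
            for a in args:
                (vhost["opts"].discard if a[0] == "-" else vhost["opts"].add)(a.lstrip("+-").lower())
        elif name == "sslverifyclient" and args:
            vhost["verify"] = args[0].lower()
    return results
```

With `SSLVerifyClient optional`, the backend still has to reject requests that arrive without a certificate.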




