RE: Apache, mod_jk, client certificates, and Jetty


 



I did uncomment that earlier this morning...

	SSLOptions +StdEnvVars +ExportCertData

And it blew up Jetty, nice huh?

Could the way I have ordered things in httpd.conf and httpd-ssl.conf
be throwing something off?

Where the httpd-ssl.conf comes first in the httpd.conf, before the
actual mod_jk stuff?


Thanks for your responses, I appreciate your help 



 

>-----Original Message-----
>From: Serge Dubrouski [mailto:sergeyfd@xxxxxxxxx] 
>Sent: Tuesday, November 28, 2006 10:53 AM
>To: users@xxxxxxxxxxxxxxxx
>Subject: Re:  Apache, mod_jk, client certificates, and Jetty
>
>On 11/28/06, Lucuk, Pete <pete.lucuk@xxxxxxx> wrote:
>>
>> I am trying to perform the following...
>>
>> 
>> Browser_client_with_client_certificate<--https-->apache_with_mod_jk<--https-->Jetty
>>
>> Also, the browser client is passing a client certificate that I want 
>> Jetty to have access to perform A&A.
>>
>> Browser version = IE 6
>> Apache version = 2.2.3
>> Mod_jk version = 1.2.19
>> Jetty version = 4.2.9
>>
>> I CAN get the full round trip working under HTTPS, that is not a 
>> problem.
>> I CAN *** NOT *** get Jetty to have access to the client certificate,
>> Jetty states that it can not find the client certificate.
>>
>> I am confident that Jetty is configured for AJP (round trip in HTTPS
>> works) and client certificates (when the
>> Browser_client_with_client_certificate hits it directly, it works).
>>
>>
>> Not sure if it is a config thing on apache/mod_jk or what.
>>
>>
>> Below is my Apache and mod_jk config, any ideas???...
>>
>> ###########################################################
>> In my httpd.conf file I have the following...
>>
>> # Secure (SSL/TLS) connections
>> Include conf/extra/httpd-ssl.conf
>>
>> <IfModule !mod_jk.c>
>>
>>   #LoadModule jk_module  modules/mod_jk.so
>>   LoadModule jk_module modules/mod_jk-1.2.19-apache-2.2.3-solaris-sparc.so
>>
>> </IfModule>
>>
>>
>> <IfModule mod_jk.c>
>>
>>   JkWorkersFile "conf/worker.properties"
>>
>>   JkLogFile "logs/mod_jk.log"
>>
>>   JkLogLevel info
>>
>>   JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>>
>>   JkOptions +ForwardKeySize +ForwardURICompat
>>
>> JkExtractSSL On
>> # What is the indicator for SSL (default is HTTPS)
>> JkHTTPSIndicator HTTPS
>> # What is the indicator for SSL session (default is SSL_SESSION_ID)
>> JkSESSIONIndicator SSL_SESSION_ID
>> # What is the indicator for client SSL cipher suite (default is SSL_CIPHER)
>> JkCIPHERIndicator SSL_CIPHER
>> # What is the indicator for the client SSL certificate (default is SSL_CLIENT_CERT)
>> JkCERTSIndicator SSL_CLIENT_CERT
>>
>> </IfModule>
>>
>> ###########################################################
>> In my worker.properties I have...
>>
>> worker.list=jetty
>>
>> #worker.jetty.port=8009
>> worker.jetty.port=5309
>>
>> worker.jetty.host=servera
>>
>> worker.jetty.type=ajp13
>>
>> worker.jetty.lbfactor=1
>>
>>
>> ###########################################################
>> In my httpd-ssl.conf I have...
>>
>> <VirtualHost _default_:5443>
>>
>> #SSLOptions +StdEnvVars +ExportCertData
>
>Uncomment this.
>
>>
>> JkMount /* jetty
>>
>> #   General setup for the virtual host
>> DocumentRoot "/data/dir/dir/tools/web/apache/server/htdocs"
>> ServerName kftcsu14.ftc.lab:5443
>> ServerAdmin you@xxxxxxxxxxx
>> ErrorLog /data/dir/dir/tools/web/apache/server/logs/error_log
>> TransferLog /data/dir/dir/tools/web/apache/server/logs/access_log
>>
>> #   SSL Engine Switch:
>> #   Enable/Disable SSL for this virtual host.
>> SSLEngine on
>>
>> SSLProxyEngine on
>>
>> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>>
>> SSLCertificateFile /data/dir/dir/tools/web/apache/ssl/bin/cacert.pem
>> SSLCertificateKeyFile /data/dir/dir/tools/web/apache/ssl/bin/privkey.pem
>>
>> SSLCACertificateFile /data/dir/dir/tools/web/apache/ssl/bin/public_ca.pem
>> SSLVerifyClient optional
>>
>>
>> </VirtualHost>
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>>
>
>
>
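
A check for the precondition discussed in this thread, as an added example that is not part of the original messages: mod_ssl only sets the `SSL_CLIENT_CERT` variable named by `JkCERTSIndicator` when `SSLOptions` includes `ExportCertData`, so a commented-out `SSLOptions` line leaves mod_jk with nothing to forward. The function names, finding labels and sample config below are constructed for illustration.

```python
import re

# Constructed sample modelled on the httpd-ssl.conf quoted in this thread
# (paths shortened; not the poster's actual file).
SAMPLE = """\
<VirtualHost _default_:5443>
#SSLOptions +StdEnvVars +ExportCertData
JkMount /* jetty
SSLEngine on
SSLCACertificateFile /path/to/public_ca.pem
SSLVerifyClient optional
</VirtualHost>
"""

def vhosts(conf):
    """Yield (name, {directive: [args]}) per <VirtualHost>, skipping comments."""
    name, cur = None, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive is not in effect
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            name, cur = m.group(1), {}
        elif re.match(r"</VirtualHost>", line, re.I):
            yield name, cur
            name, cur = None, None
        elif cur is not None:
            key, *args = line.split()
            cur.setdefault(key.lower(), []).extend(args)

def audit(conf):
    """Return (vhost, finding) pairs for vhosts that JkMount to a backend."""
    out = []
    for name, d in vhosts(conf):
        if "jkmount" not in d:
            continue
        verify = [a.lower() for a in d.get("sslverifyclient", [])]
        opts = {a.lstrip("+").lower() for a in d.get("ssloptions", [])
                if not a.startswith("-")}
        if not verify or verify[-1] == "none":
            out.append((name, "no-client-cert-requested"))
        elif verify[-1].startswith("optional"):
            # Requests without a certificate still reach the backend.
            out.append((name, "cert-optional-backend-must-handle-absence"))
        if "exportcertdata" not in opts:
            out.append((name, "SSL_CLIENT_CERT-not-exported"))
    return out
```
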



