I did uncomment that earlier this morning... SSLOptions +StdEnvVars +ExportCertData And it blew up Jetty, nice huh? Could the way I have my ordering things in httpd.conf and httpd-ssl.conf be throwing something off? Where the httpd-ssl.conf comes first in the httpd.conf, before the acutual mod_jk stuff? Thanks for your responses, I appreciate your help >-----Original Message----- >From: Serge Dubrouski [mailto:sergeyfd@xxxxxxxxx] >Sent: Tuesday, November 28, 2006 10:53 AM >To: users@xxxxxxxxxxxxxxxx >Subject: Re: Apache, mod_jk, client >certificates, and Jetty > >On 11/28/06, Lucuk, Pete <pete.lucuk@xxxxxxx> wrote: >> >> I am trying to perform the following... >> >> >Browser_client_with_client_certificate<--https-->apache_with_mod_jk<-- >> ht >> tps-->Jetty >> >> Also, the browser client is passing a client certificate that I want >> Jetty to have access to perform A&A. >> >> Browser version = IE 6 >> Apache version = 2.2.3 >> Mod_jk version = 1.2.19 >> Jetty version = 4.2.9 >> >> I CAN get the full round trip working under HTTPS, that is not a >> problem. >> I CAN *** NOT *** get Jetty to have access to the client >certificate, >> Jetty states that it can not find the client certificate. >> >> I am confident that Jetty is configured for AJP (round trip in HTTPS >> work)and client certificates (when the >> Browser_client_with_client_certificate hits it directly, it works). >> >> >> Not sure if it is a config thing on apache/mod_jk or what. >> >> >> Below is my Apache and mod_jk config, any ideas???... >> >> ########################################################### >> In my httpd.conf file I have the following... >> >> # Secure (SSL/TLS) connections >> Include conf/extra/httpd-ssl.conf >> >> <IfModule !mod_jk.c> >> >> #LoadModule jk_module modules/mod_jk.so >> LoadModule jk_module >> modules/mod_jk-1.2.19-apache-2.2.3-solaris-sparc.so >> >> </IfModule> >> >> >> <IfModule mod_jk.c> >> >> JkWorkersFile "conf/worker.properties" >> >> JkLogFile "logs/mod_jk.log" >> >> JkLogLevel info >> >> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " >> >> JkOptions +ForwardKeySize +ForwardURICompat >> >> JkExtractSSL On >> # What is the indicator for SSL (default is HTTPS) JkHTTPSIndicator >> HTTPS # What is the indicator for SSL session (default is >> SSL_SESSION_ID) JkSESSIONIndicator SSL_SESSION_ID # What is the >> indicator for client SSL cipher suit (default is >> SSL_CIPHER) >> JkCIPHERIndicator SSL_CIPHER >> # What is the indicator for the client SSL certificated (default is >> SSL_CLIENT_CERT) >> JkCERTSIndicator SSL_CLIENT_CERT >> >> </IfModule> >> >> ########################################################### >> In my worker.properties I have... >> >> worker.list=jetty >> >> #worker.jetty.port=8009 >> worker.jetty.port=5309 >> >> worker.jetty.host=servera >> >> worker.jetty.type=ajp13 >> >> worker.jetty.lbfactor=1 >> >> >> ########################################################### >> In my httpd-ssl.conf I have... >> >> <VirtualHost _default_:5443> >> >> #SSLOptions +StdEnvVars +ExportCertData > >Uncomment this. > >> >> JkMount /* jetty >> >> # General setup for the virtual host >> DocumentRoot "/data/dir/dir/tools/web/apache/server/htdocs" >> ServerName kftcsu14.ftc.lab:5443 >> ServerAdmin you@xxxxxxxxxxx >> ErrorLog /data/dir/dir/tools/web/apache/server/logs/error_log >> TransferLog /data/dir/dir/tools/web/apache/server/logs/access_log >> >> # SSL Engine Switch: >> # Enable/Disable SSL for this virtual host. >> SSLEngine on >> >> SSLProxyEngine on >> >> SSLCipherSuite >> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL >> >> SSLCertificateFile /data/dir/dir/tools/web/apache/ssl/bin/cacert.pem >> SSLCertificateKeyFile >> /data/dir/dir/tools/web/apache/ssl/bin/privkey.pem >> >> SSLCACertificateFile >> /data/dir/dir/tools/web/apache/ssl/bin/public_ca.pem >> SSLVerifyClient optional >> >> >> </VirtualHost> >> >> >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP >Server Project. >> See <URL:http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >> > >--------------------------------------------------------------------- >The official User-To-User support forum of the Apache HTTP >Server Project. >See <URL:http://httpd.apache.org/userslist.html> for more info. >To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|