Re: Apache and client certs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

It is possible to use reverse proxy to pass a PEM Encoded Certificate as a HTTP header to a backend server.
 
Make sure you have this directive in your config file
 
SSLOptions +ExportCertData
 
Then use mod_headers to  set the header
 
RequestHeader MY_CLIENT_CERT %{SSL_CLIENT_CERT}s
 
 
You can find more info here   http://httpd.apache.org/docs/2.2/mod/mod_ssl.html and
here  http://httpd.apache.org/docs/2.2/mod/mod_headers.html
 
One caveat, depending on which version of apache you use (2.0.x or 2.2.x), the PEM encoded Certificate may across a bit strange (ie.  not conforming to multiline HTTP header).  So you may see your header looking like this
 
MY_CLIENT_CERT: ----- BEGIN CERTIFICATE -----[blanks no CRLF] [First line of base64 encoded data] [ blanks no CRLF ] [Second line of base64 encoded data] .....  ---- END CERTIFICATE -----
 
 
 


 
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux