Re: Apache module suitable for SSL passthrough

[yasser arafat <yarafatin@xxxxxxxxx>]

Thanks for the reply Tom.

I have an application in JBoss setup with a CLIENT_CERT mode of authentication. When a user tries to access a secure URL, the JAAS login modules kicks off, captures the client certificate and extracts the CN data from it for authorization. 
With the current setup, I cannot change the authentication to read from HTTP headers. 
I was just hoping that there may be some apache module that can pass along the client cert as is.



Thanks,
Yasser

On Thu, Mar 3, 2011 at 12:45 PM, Tom Evans <tevans.uk@googlemail.com> wrote:

On Thu, Mar 3, 2011 at 5:12 PM, yasser arafat <yarafatin@xxxxxxxxx> wrote:
> Hello all,
>
> My JBoss app server has mutual SSL authentication setup (We do some
> processing based on the client certificate).
>
> I need to have a web server in front of JBoss. Which is the best apache
> module that can do an SSL passthrough to JBoss?
>
>
>
> Thank and regards,
>
> Yasser
>
>

There is no such thing as SSL pass through - SSL is an end to end
encryption protocol, there can be no middle.

You can do SSL termination on apache and forward the appropriate
sections of the client certificate through to jboss as custom HTTP
headers. You cannot do SSL termination on apache and re-present the
client certificate to jboss.

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx