
List:       apache-httpd-users
Subject:    Re: [users@httpd] Apache and client certs
From:       "Serge Dubrouski" <sergeyfd () gmail ! com>
Date:       2006-12-30 15:32:32
Message-ID: 868cbbaa0612300732r7742d684kac8a80078eda1794 () mail ! gmail ! com

On 12/30/06, toadie D <toadie643@gmail.com> wrote:
> It is possible to use reverse proxy to pass a PEM Encoded Certificate as a
> HTTP header to a backend server.
>
> Make sure you have this directive in your config file
>
> SSLOptions +ExportCertData
>
> Then use mod_headers to set the header
>
> RequestHeader set MY_CLIENT_CERT %{SSL_CLIENT_CERT}s
>
>
> You can find more info here
> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html and
> here http://httpd.apache.org/docs/2.2/mod/mod_headers.html
>
> One caveat, depending on which version of Apache you use (2.0.x or 2.2.x),
> the PEM encoded Certificate may come across a bit strange (i.e. not conforming to
> multiline HTTP header).

And not recognizable by backend application.

> So you may see your header looking like this
>
> MY_CLIENT_CERT: ----- BEGIN CERTIFICATE -----[blanks no CRLF] [First line of
> base64 encoded data] [ blanks no CRLF ] [Second line of base64 encoded data]
> .....  ---- END CERTIFICATE -----

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
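
An added example, not part of the original thread or of Apache's code: one way a backend application could turn the flattened MY_CLIENT_CERT header value described above back into standard multi-line PEM before handing it to a certificate parser. The function names and the sample bytes are assumptions made for this illustration, and the backend is assumed to accept this header only on connections coming from the proxy.

```python
import base64
import binascii
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

# Accepts blanks around and between the markers, as in the header shown above.
_FLAT_PEM = re.compile(
    r"^\s*-+\s*BEGIN CERTIFICATE\s*-+"
    r"(?P<body>[A-Za-z0-9+/=\s]+?)"
    r"-+\s*END CERTIFICATE\s*-+\s*$"
)


def to_pem(der):
    """Encode DER bytes as canonical PEM with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"


def rebuild_pem(header_value):
    """Return canonical PEM for a flattened header value, or None if invalid."""
    if not header_value:
        return None
    match = _FLAT_PEM.match(header_value)
    if match is None:  # also rejects "(null)", sent when the variable is empty
        return None
    b64 = re.sub(r"\s+", "", match.group("body"))
    try:
        der = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not der or der[0] != 0x30:  # a DER certificate starts with SEQUENCE
        return None
    return to_pem(der)


# Constructed sample: placeholder bytes with a SEQUENCE tag, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
FLATTENED = to_pem(SAMPLE_DER).replace("\n", " ")

if __name__ == "__main__":
    print(rebuild_pem(FLATTENED))
```

The rebuilt PEM is only re-encoded, not verified; chain validation is whatever mod_ssl performed on the proxy.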
