Yes, I know, and I agree with you :_( , but security is important in this particular project, and one requirement is to not open security holes in a server (the backend) that is currently considered to be reasonably secure.

As the frontend is designed to be placed at any point on the Internet, and not necessarily in the same intranet as the backend server, communications between both must be secured. And as the presented information is sensitive, communication with the browser must also be secured.

I think I will have to give up and duplicate client certificates on both servers. If I am right, the information obtained from the browser certificate chain will not be enough for establishing a secure connection with the backend server, as it lacks the key necessary to encrypt / decrypt the messages :-(

If this is the case, I will have another problem, as the default JSSE provider is meant to be used by a single user per application, and I have a server with a different user per thread. But I will open another thread for this ;-)

Thanks anyway,
Rodrigo Ruiz

Rick Kellogg wrote:

Rodrigo,

It has been my experience you will not find the performance acceptable.
Using SSL once is expensive.  Multiple passes will really hurt.  Just my
opinion.

Rick


-----Original Message-----
From: Rodrigo Ruiz [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 9:30 AM
To: [EMAIL PROTECTED]
Subject: Proxying SSL certificates


Hi all,

I am developing a web service (I will call it frontend) that must act as a client for a second web service (backend). The backend service expects a user certificate for authentication purposes, and I would like to configure the frontend service to also require a user certificate, and use the incoming certificate as the credentials for the backend. Is this possible?

Thanks in advance,
Rodrigo Ruiz
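
The point raised in the thread about the frontend lacking the browser's key, as an added example that is not part of the original messages: a simplified Java model of the proof of possession in TLS client authentication, where the client signs handshake data with its private key. It shows that neither a replayed browser proof nor a signature made with the frontend's own key verifies against the browser's certificate on the backend connection. The class name, key pairs and transcript strings are constructed for illustration, and this is not JSSE handshake code.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

// Simplified model of TLS client authentication (not a TLS implementation).
public class ProxyCertDemo {

    // Client side: sign the handshake transcript with the certificate's private key.
    static byte[] prove(PrivateKey key, byte[] transcript) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(transcript);
        return s.sign();
    }

    // Server side: check the proof against the public key taken from the certificate.
    static boolean verify(PublicKey pub, byte[] transcript, byte[] proof)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(transcript);
        return s.verify(proof);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair browser = gen.generateKeyPair();   // private half never leaves the browser
        KeyPair frontend = gen.generateKeyPair();  // the frontend's own credential

        // Constructed stand-ins for the two distinct handshake transcripts.
        byte[] t1 = "browser<->frontend, random=A1".getBytes(StandardCharsets.UTF_8);
        byte[] t2 = "frontend<->backend, random=B2".getBytes(StandardCharsets.UTF_8);

        // Connection 1: the browser authenticates to the frontend.
        byte[] proof = prove(browser.getPrivate(), t1);
        System.out.println("frontend accepts browser proof:           "
                + verify(browser.getPublic(), t1, proof));

        // Connection 2: the frontend holds only the browser's certificate and old proof.
        System.out.println("backend accepts replayed browser proof:    "
                + verify(browser.getPublic(), t2, proof));
        byte[] own = prove(frontend.getPrivate(), t2);
        System.out.println("backend accepts frontend key, browser cert: "
                + verify(browser.getPublic(), t2, own));
        System.out.println("backend accepts frontend key, frontend cert: "
                + verify(frontend.getPublic(), t2, own));
    }
}
```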






