Thanks a lot!
It's very helpful for me.
Regards,
Miguel �ngel.
Manon Goo <[EMAIL PROTECTED]>
04/10/2002 13:05
Por favor, responda a [EMAIL PROTECTED]; Por favor, responda a Manon Goo
<[EMAIL PROTECTED]>
Destinatarios: [EMAIL PROTECTED]
CC: (cci: Miguel �ngel Pe�a Pi��n/Madrid/FNMT)
Asunto: Re: Proxying client certificate
I do not know if this works
but I would try using mod_rewrite
and rewrite
/ to http://[EMAIL PROTECTED]/
Where user is extracted from the x509 DN
--On Freitag, 4. Oktober 2002 8:46 Uhr +0200 [EMAIL PROTECTED] wrote:
>
>
>
> Hello all,
>
> I'm trying to do the following and I don't success:
>
> I want to authenticate users against a Apache 2.0.40 proxy using SSL with
> client certificate authentication. Beyond the proxy, there is a Web
> server in militarized zone and I want to forward the X.509v3 user
> certificate to this Web server, in order to perform access control.
>
> I have tried to configure the proxy with SSL and client authentication
> using certs and the Web server with SSL (without authentication) and, of
> course, this doesn't work since two different SSL contexts are
> established: Browser->Proxy and Proxy->SSL, so the information about the
> SSL channel in the Web server has nothing to do with the browser -> the
> server doesn't receive the user certificate.
>
> I have also tried to configure the proxy with SSL and client
> authentication with certs and the Web server without SSL. This works but,
> obviously, the information about the SSL channel established between the
> browser and the proxy is not forwarded to the Web server.
>
> I've set "SSLOptions" to "+StdEnvVars +CompatEnvVars +ExportCertData"
> in the proxy and I wonder if it is possible to forward the environment
> variables from the proxy to the Web server.
>
> Can any of you give me any ideas?
>
> Thanks in advance,
>
> Miguel �ngel Pe�a.
>
>
>
>
att1.unk
Description: Binary data
