Yeah, it is very complex, I don't think current camel-cxf can support it out of box. Can I know more detail about the web service that you proxy with Camel? Why do you need to pass the clients request with re-attached key to the back service? Can you just pass the client id of something and let camel route use the fixed private key to send the request to back service?
-- Willem Jiang Red Hat, Inc. FuseSource is now part of Red Hat Web: http://www.fusesource.com | http://www.redhat.com Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English) http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Wednesday, May 22, 2013 at 5:08 AM, RTernier wrote: > My camel app is running pretty well, however it's using our unsecured > webservice platform for development and PoC. I now need to change it so it > works with our server certificates (x509) and use client certificate > passthrough. We encrypt with the server cert. and use client certificates as > a lock/key pair to get access. > > -Clients require the private key installed > -The Server camel is on (currently windows) requires the private key > installed. > -Client sends public key, Camel will accept it, and then re-attach/re-send > (find the key from a store) and pass that key onto the other end point. > > I'm not sure how all this will play out though. My current dev environment > is on Windows, however this will be released onto a Linux box running > Apache. > > Some of the routes I have in Camel/Spring are a reverse-proxy, and it > requires the certificate to be re-attached, where others are a bit more > complex - I'm hoping to figure out how to do the reverse-proxy part first. > > Are there any documents or papers on how this will work with Camel? Or any > hints? > > Cheers. > > > > > > -- > View this message in context: > http://camel.465427.n5.nabble.com/SSL-Server-Certs-and-Client-certificate-passthrough-tp5732925.html > Sent from the Camel - Users mailing list archive at Nabble.com > (http://Nabble.com).
