Dinner is served!
In this particular case I forward only the client's subject DN.
# If the certificate environment variable is set, save the value in
an environment variable of our own for future reference
RewriteCond %{SSL:SSL_CLIENT_S_DN} !=""
RewriteRule .* -
[E=DN:%{SSL:SSL_CLIENT_S_DN}]
# Create a rewrite map with the internal escape method in order to
escape the query string
RewriteMap escape int:escape
# URLescape the DN envir var, append it to the query string and proxy
the whole shabang to foo.bar
RewriteRule ^/(.*)
https://foo.bar/$1?DN=${escape:%{ENV:DN}} [QSA,P]
You can probably replace the SSL_CLIENT_S_DN used above by any other variable
found in the mod_ssl documentation.
-ascs
-----Original Message-----
From: Jose Serrano Rodenas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 03, 2005 7:07 PM
To: [email protected]
Subject: Re: [EMAIL PROTECTED] Can reverse proxy forward digital certificates.
Very Thanks for the information.
Anyway, Do you know some resource where explain how to do what you say.
Thanks again
Axel-Stéphane SMORGRAV wrote:
>As far as I know, it cannot.
>
>What you can do though, is to forward the certificate data as a header
>variable or in the query string. The data is available in reverse proxy
>environment variables. You should make sure to overwrite any prior value of
>such a variable contained in the request from the client.
>
>-ascs
>
>-----Original Message-----
>From: Jose Serrano Rodenas [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, August 02, 2005 5:55 PM
>To: apache
>Subject: [EMAIL PROTECTED] Can reverse proxy forward digital certificates.
>
>Hello everybody.
>
>Could somebody help me with the following question:
>
>In a scenario like this.
>
>Client <-----------HTTS----------->Apache reverse
>proxy<--------------HTTPS------------->Backend
>
>Can the reverse proxy fordward the Client Digital certificate to the Backend?
>If so, what directives do I have to configure?
>
>Thanks in avanced
>
>
>
>
>Jose Serrano
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: [EMAIL PROTECTED]
> " from the digest: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
>
--
Jose Serrano Rodenas
Conselleria de Sanitat
Área de Organización y Sistemas de Comunicación.
Centro de Gestion de la red Arterias
Telfno: 96 39-87180
Correo: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
