On 02.12.2016 13:27, Bipin Jethwani wrote:
We use Spring security and want to use Two Way SSL for a few Jersey based
REST APIs exposed for mobile devices. SSL is offloaded at load-balancer or
apache level.
Can we still get access to client certificate at web app level?
On second thought we can live without having access to client cert but can
we have load-balancer or apache configured to request for client cert only
for a specific urls?
Is there a standard for this?
-Bipin
Hi.
If indeed "SSL is offloaded at load-balancer or apache level", isn't this more a question
for the respective user's list of these products, rather than for the Tomcat user's list ?
If you do need some SSL information at the Tomcat back-end level, and if between your
Apache httpd front-end, and the Tomcat back-ends, the proxy/balancer module which you are
using is mod_jk, then you will find most pertinent information about passing SSL data from
the front-end to the back-end Tomcat (even if you "terminate" the SSL at the httpd level),
here :
http://tomcat.apache.org/connectors-doc/reference/apache.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org