Thanks, we will try your suggestions. In the meantime we logged a request in Microsoft. I'll keep you posted.
-----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 24 January 2017 22:46 To: Tomcat Users List Subject: Re: Mutual certificate authentication between Tomcat and MS IIS -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Diago, On 1/24/17 4:41 PM, Christopher Schultz wrote: > Diago, > > On 1/24/17 11:40 AM, Macca, Diego wrote: >> On 1/24/17 8:24 AM, Macca, Diego wrote: >>>> Has somebody of you ever tried to configure certificate mutual >>>> authentication between a MS IIS webserver and a Tomcat instance? > >>> You want IIS to present a client certificate to Tomcat? Tomcat >>> shouldn't have a problem with that. > >> Yes, that's what I need. Tomcat does not have any problem and it >> works well with Apache. It seems that IIS is not able to present the >> certificate when I configure it as reverse proxy (so when it should >> act as a client). > >>>> Does somebody know if this is even possible in IIS ? > >>> You'd have to configure IIS's HTTP proxy to use a client >>> certificate. > >> Do you know how to configure it ? I mean, IIS does the reverse proxy >> things but I need it also to send the present to Tomcat. > > I don't know at all how to configure it, unfortunately. > > Do you need to have IIS *forward* the actual client's certificate to > Tomcat, or do you want to use a static client cert just from IIS? If > you want to forward the cert, you might find this useful: > https://blogs.msdn.microsoft.com/asiatech/2014/01/27/configuring-arr-w it > > h-client-certificate/ If you want to install a single certificate into the reverse-proxy, perhaps this can help: https://blogs.msdn.microsoft.com/benjaminperkins/2014/06/02/configure-ap plication-request-routing-arr-with-client-certificates/ - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYh8sEAAoJEBzwKT+lPKRYV2sQAJ5dSq7UkrBeaiipMS9VCuPm 1925yNm22ewsPnwNAZ5Vo9koRXbYAg/AVMAHgf1Ge8umrTYAByfno2gtTcuBtJEb DBHlm+9uPI+UZdbTs+GsdfW11nCYFc2DFy0cwDewO+N57h26Ji8MLtbd0SwVtYWG LxwA3chdX6pFc1Q1SlEF0XUT89TNZHL1OJUk5QgY4IxwQHOjqKq+dBv5SmgrEeSp rGkkzL+hL6AGjt4JmT1z+lnSiCZryO1Sn8gEuD8b+bob8t9S4Gmsg2/clVYNdvwL nfvpQYTkuZNawaUQCLmMfGoiLf3c6e3expTB09mtOKZA43c6hLXG9lKaI1/A/kOy Z34S3Uriy+NZaFjyClrrY7AvjjgENS4hQoElDdXXk3PFqOQRz5mSUKQAi1ksM9aK wyC8EYLaME2nO18KpIDcCrJCXTdwPBZCRWqu8QR26Vz0cLlqxd/B7WZLaiJgjzlN 1DZkAgVYdb0UFmbg/d012CVRlsMlMcs6tPaVoh8I8cB80wl/A6s6kQ6xCpGBDmto yfA4rl7STfou/868kx5NZ2/msJvs2DD909RNBbZ625aYTtLash82ttwLX42uTiAp JFJr/wnhGSCibfxmDjVEOoxMIbHTGm1PHF2yvi55aDTF9IyC32JSmlvncI5tedrI l+TLRr57yPiAJ6tOh+5R =ZSq/ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Any e-mail message from the European Central Bank (ECB) is sent in good faith, but shall neither be binding nor construed as constituting a commitment by the ECB except where provided for in a written agreement. This e-mail is intended only for the use of the recipient(s) named above. Any unauthorised disclosure, use or dissemination, either in whole or in part, is prohibited. If you have received this e-mail in error, please notify the sender immediately via e-mail and delete this e-mail from your system. The ECB processes personal data in line with Regulation (EC) No 45/2001 and Decision ECB/2007/1. For any further information you can consult the Data Protection Disclaimer on the ECB webpage. In case of queries, please contact the ECB Data Protection Officer (d...@ecb.europa.eu). You may also contact the European Data Protection Supervisor.