|
Home > Archive > Apache Server configuration support > March 2005 > Reverse Proxy as a Client for Certificate Based Auth
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Reverse Proxy as a Client for Certificate Based Auth
|
|
| Etan Weintraub 2005-03-29, 6:26 pm |
| OK, this situation is kinda funky, so bear with me, and my apologies if
this has already been asked and answered somewhere, but after a week of
searching on Google, I've turned up nothing and so I come to you all in
humble seekings of your assistance..
Anyway, here's the situation. We have an authentication module that must
be used on our Apache Proxy Server (2.0.53 w/SSL). We are using Reverse
Proxying to throw that to another server (many different types). However,
to ensure that the request is coming from the Proxy Server, we want to use
SSL Certificate Based authentication. Now, I can get the backend server to
only accept connections based on Certificate Based Authentication (that
was the easy part), the problem is, how do I get the Apache Proxy Server
to present a Certificate for Authentication?
I cannot rely on the client having a certificate installed on their
browser, as we don't even care if the client is authenticated at this
stage, the Proxy Server handles that authentication internally. The
problem is having the backend server authenticate the Proxy Server.
The setup is like this:
<CLIENT>--HTTPS--<APACHE PROXY SERVER>--HTTPS--<BACKEND SERVER>
^ ^
| |
Authentication handled by Authentication handled by
Apache Proxy Server using SSL Certificate Based Auth
a plugin.
Any help would be GREATLY appreciated.
-Etan Weintraub
| |
| Etan Weintraub 2005-03-31, 6:27 pm |
| Found it...
SSLProxyMachineCertificateFile <path to combined Key and Cert file with
unencrypted key>
On Tue, 29 Mar 2005, Etan Weintraub wrote:
> OK, this situation is kinda funky, so bear with me, and my apologies if
> this has already been asked and answered somewhere, but after a week of
> searching on Google, I've turned up nothing and so I come to you all in
> humble seekings of your assistance..
>
> Anyway, here's the situation. We have an authentication module that must
> be used on our Apache Proxy Server (2.0.53 w/SSL). We are using Reverse
> Proxying to throw that to another server (many different types). However,
> to ensure that the request is coming from the Proxy Server, we want to use
> SSL Certificate Based authentication. Now, I can get the backend server to
> only accept connections based on Certificate Based Authentication (that
> was the easy part), the problem is, how do I get the Apache Proxy Server
> to present a Certificate for Authentication?
>
> I cannot rely on the client having a certificate installed on their
> browser, as we don't even care if the client is authenticated at this
> stage, the Proxy Server handles that authentication internally. The
> problem is having the backend server authenticate the Proxy Server.
>
> The setup is like this:
>
> <CLIENT>--HTTPS--<APACHE PROXY SERVER>--HTTPS--<BACKEND SERVER>
> ^ ^
> | |
> Authentication handled by Authentication handled by
> Apache Proxy Server using SSL Certificate Based Auth
> a plugin.
>
> Any help would be GREATLY appreciated.
>
> -Etan Weintraub
>
>
|
|
|
|
|