How to set ssl client cert to request?

Status
Not open for further replies.

zoza

Programmer
Apr 7, 2003
5
DE
We need to change Apache to use client authentication.
For that, we changed httpd.conf (SSLVerifyClient & co), so that it asks for a client certificate, and it all works OK!
The problem is that I need the certificate in the back-end application as well (running on Resin), either in the request or a header, so that the back-end application can also use it.
So far, we have only managed to pass it in the URL using mod_rewrite, but there is an encoding problem. The best solution would be if we could set it in the request/header as it is!
We are running Apache 1.3.26 on Linux, and the app server is Resin.

Any ideas?
Thanks in advance,
zoza
 
Hi mate,

I'm not totally sure exactly what you are asking here.

If you are trying to use 2 certs on the 1 IP address, then you can't do it. To use 2 different certs, you would need to be using 2 different IP based vhosts.

Hope this helps

Wullie


The pessimist complains about the wind. The optimist expects it to change. The leader adjusts the sails. - John Maxwell
 
Thanks for the reply, and sorry, maybe I was not clear enough :)
OK, what I'm trying to do is not to use 2 certs on 1 IP, or something like that, not even virtual hosts, just a simple 1 client cert, 1 server cert!

I have a valid client certificate, I log in to a server which requires a client certificate, the server checks it, validates the CA, and everything works fine. It lets me in!

Now, I need step two:
I need the complete client certificate, so all the
----- BEGIN CERTIFICATE ---- to ----END CERTIFICATE--- text, in my back-end application server.
To do this, I know one option is to put the certificate in the URL, which we did, and it works, but it has to be escaped, so what I get is a slightly changed certificate...
I would need a method to set the certificate as it is in the request/header/whatever so that it arrives unchanged at the back end.
Hope it's better now :)
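
An added example, not part of the original thread: one way a back end could rebuild the certificate described above as "slightly changed" after its trip through the URL, shown in Python. It assumes the change is `+` arriving as a space after form decoding; `SAMPLE_DER` and all function names are constructed for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import quote, unquote_plus

# Constructed stand-in for a certificate's DER bytes (not a real certificate);
# chosen so that its base64 form contains '+' and '/'.
SAMPLE_DER = bytes(range(256)) * 3

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def to_pem(der: bytes) -> str:
    """Encode DER bytes as PEM with 64-column base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def through_query_string(pem: str) -> str:
    """Assumed failure mode: the front end leaves '+' unescaped and the back
    end form-decodes the parameter, which turns every '+' into a space."""
    return unquote_plus(quote(pem, safe="+"))


def recover_der(value: str) -> bytes:
    """Rebuild DER from a PEM value altered in transit; reject anything else."""
    match = PEM_RE.search(value)
    if match is None:
        raise ValueError("no PEM certificate block found")
    # Line breaks are layout only. Under the assumption above, a space inside
    # the body is a lost '+'; any other damage fails strict decoding below.
    body = re.sub(r"[\r\n\t]", "", match.group(1)).replace(" ", "+")
    try:
        return base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid base64") from exc


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER bytes, for comparing with the original certificate."""
    return hashlib.sha256(der).hexdigest()


if __name__ == "__main__":
    received = through_query_string(to_pem(SAMPLE_DER))
    print("changed in transit:", received != to_pem(SAMPLE_DER))
    print("recovered intact:",
          fingerprint(recover_der(received)) == fingerprint(SAMPLE_DER))
```

The back end should accept a forwarded certificate only on connections that come from the Apache front end, because a URL parameter or header carrying a certificate proves nothing by itself.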
 
I'm trying to do what you did in step 1: have my server authenticate the client. I changed the httpd.conf and now the server is trying to authenticate the client. I have been given the client certificate, but I'm not sure where to put it so the server will let this client in. Would love to know how you did it.

Thanks in advance.

Chris Burger
 
You need to put the whole certificate chain in a file and specify the file name in the conf file (I think the key is cacert...). Apache has to know which certificates (issued by which CA) are valid for you, so it should let them in.
 