Menu
I have a REST back-end that can be used based on X509 authentication using client certificate.
Now I have a front-end written in Angular 2 which should also use X509 authentication and further provide it to REST back-end.
What I do not understand is how to forward client certificate from Angular 2 front-end to REST back-end for authentication. Is it even possible or should I use one security domain as X509 authentication between front-end and client and second security domain as X509 authentication between front-end and back-end?
976
If you are using Apache2 httpd server to host your Angular2 app, you can install mod_ssl on your system which varies depending on operating system.
After installing mod_ssl, a new config file is created. In my case it is located at: /etc/httpd/conf.d/ssl.conf. Place the following configuration, tweak for your use case of course.
You will need to have your CA cert, and a server cert signed by that CA as well as the server private key.
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /var/www/html/certs/localhost.crt
SSLCertificateKeyFile /var/www/html/certs/key.pem
SSLCACertificateFile /var/www/html/certs/ca.crt
SSLVerifyClient require
SSLVerifyDepth 2
SSLOptions +ExportCertData
ServerAdmin [email protected]
ServerName localhost
DocumentRoot /var/www/html
ErrorLog /var/www/logs/error.log
CustomLog /var/www/logs/access.log combined
ProxyPass /services ajp://localhost:8009/services
ProxyPassReverse /services ajp://localhost:8009/services
SSLOptions +ExportCertData
DocumentRoot /var/www/html
<Directory /var/www>
Options -Indexes
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
After restarting apache2, it will now prompt the user for a certificate, and forward that certificate to the back-end thanks to the SSLOptions +ExportCertData
167
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
