I have an Apache HTTPD working as a reverse proxy, and Tomcat(6.0.35) server(s), what I'm trying to achieve is that there will be mutual trust between the Tomcat server and the reverse proxy. Meaning that when reverse proxy forwards a request it will present it's own certificate that will be imported into Tomcat's truststore file thus making the Tomcat accept requests only when they really are made by the reverse proxy(and if possible maybe even check that the tomcat's certificate is a certain specific certificate). I have managed to setup a Tomcat that requires a client certificate and it works perfectly but the correct reverse proxy configuration seems to be eluding me.
A traditional forward proxy server allows multiple clients to route traffic to an external network. For instance, a business may have a proxy that routes and filters employee traffic to the public Internet. A reverse proxy, on the other hand, routes traffic on behalf of multiple servers.
In Two-Way SSL authentication, the client and server need to authenticate and validate each others identities. The authentication message exchange between client and server is called an SSL handshake, and it includes the following steps: A client requests access to a protected resource.
ProxyPassReverse will intercept those headers, and rewrite them to match the Apache proxy server. ProxyPass will create a reverse proxy. A reverse proxy (or gateway), appears to the client just like an ordinary web server.
You should try the SSLProxyMachineCertificateFile
option and point it to a file containing your client certificate and its (unencrypted) private key in PEM format.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With