reverse proxy with chained signed client certificate fails

reverse proxy with chained signed client certificate fails

Post by Armin Kro » Tue, 08 Jul 2003 15:17:35



Hi list,

I try to set up a reverse proxy connection with modssl and
client-certificate-authentification.
It works fine if I have one client-certificate with it's private key
in one concatenatened file. I put this in a directory and put the
directorys name in
'SSLProxyMachineCertificatePath'.
But I have a second connection wich uses a client-certificate and this
is signed by chained root-certificates:

  myclient-certificate<=middle-signer-certifcate<=root-signer-certifcate

If I put this PKCS7-file with the private key in one file then 'make'
(making hash key with openssl-script) failes for this file.
If I put all the 'myclient-certificate', the
'middle-signer-certifcate', 'root-signer-certifcate' and the private
key in a concatenated file then 'make' succedes but modssl sends the
'middle-signer-certifcate' for client-authentification. This fails.

Any sugestions how to use a 'chain-signed' client-certificate for
client-certificate-autentification with modssl?

best regards
Armin Krone

 
 
 

1. reverse proxy with client certificate to a server...

Hi

I have got an interresting problem. I need to setup the following
connection using mod_proxy :
client <--HTTP(S)--> Apache(Mod_proxy) <--HTTPS with client certificat
--> server.

Actualy it is a normal Apaache reverse proxy setup, but the difficulty
is that the connection to the server is being done using an SSL client
certificate.

It sounds rather complcated, but is this possible???

Tom

2. PPP tutorial

3. pb with self-signed certificate and certificate installation within IE browser

4. printing fromm an hp to a sun network

5. apache reverse proxy ssl - not passing certificate

6. Question about reading a serial port

7. How to proxy Client Certificate Data with Apache mod_rewrite

8. RedHat 4.1 on ASUS T2P4

9. Can't see originating client with reverse proxy

10. Relaying Client IP Through Reverse Proxy?

11. No client caching with Apache reverse proxy load balancing...

12. Apache (reverse) proxy - Real client address

13. Secure reverse proxy and client certification