Making a two way SSL authentication between apache httpd reverse proxy and Tomcats


Problem description


I have an Apache HTTPD working as a reverse proxy, and Tomcat (6.0.35) server(s). What I'm trying to achieve is that there will be mutual trust between the Tomcat server and the reverse proxy. Meaning that when the reverse proxy forwards a request it will present its own certificate that will be imported into Tomcat's truststore file, thus making the Tomcat accept requests only when they really are made by the reverse proxy (and if possible maybe even check that the tomcat's certificate is a certain specific certificate). I have managed to set up a Tomcat that requires a client certificate and it works perfectly, but the correct reverse proxy configuration seems to be eluding me.

Recommended answer


You should try the SSLProxyMachineCertificateFile option and point it to a file containing your client certificate and its (unencrypted) private key in PEM format.
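
A sketch of the reverse-proxy side using that directive, added here as an example and not part of the original answer. The file paths, backend host name, port and URL prefix are assumptions; the second half pins the proxy's trust to the Tomcat certificate, which is the check the question asks about.

```apache
# Added example; paths, host name, port and URL prefix are assumptions.
# Requires mod_ssl, mod_proxy and mod_proxy_http to be loaded.

# Enable TLS for connections from the proxy to the backend.
SSLProxyEngine on

# Client certificate and its unencrypted private key, both PEM, in one file.
# The key has no passphrase, so keep the file readable by root only
# (for example owner root, mode 0600); httpd reads it at startup.
SSLProxyMachineCertificateFile /etc/httpd/ssl/proxy-client.pem

# Trust only the Tomcat certificate (or the CA that issued it) and
# refuse the backend if its certificate does not verify against it.
SSLProxyCACertificateFile /etc/httpd/ssl/tomcat-backend.pem
SSLProxyVerify require
SSLProxyVerifyDepth 1

# Reject expired backend certificates and certificates whose name
# does not match the host in the ProxyPass URL.
SSLProxyCheckPeerExpire on
SSLProxyCheckPeerCN on

ProxyPass        /app https://tomcat.internal.example:8443/app
ProxyPassReverse /app https://tomcat.internal.example:8443/app
```

On httpd 2.4.5 and later, SSLProxyCheckPeerName supersedes SSLProxyCheckPeerCN and also checks subjectAltName entries.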
