I have Server-A (IIS-6) performing certificate based authentication of users.
If I want to put a reverse proxy (Server-B) in front of Server-A, what is the best method while still continuing to use certificate based authentication (if possible) on Server-A?
This must be done on the server where the SSL is terminated - without SSL there is no certificate to use for authentication. It is possible that the proxy server could use the information in the certificate to substitute in an additional HTTP header, but AFAIK, there's no explicit support for tunnelling credentials over HTTP using ISA nor Squid.
In principle it would be possible to repackage the request before presenting it to the actual webserver) but that would involve a lot more smarts that are usually available within a proxy.
