0

I have the following issue: a browser sends a CORS request to a server, and this server requires client SSL/TLS authentication (so both server and client should exchange their certificates). The server is on a different domain than the page loaded in the client, so it requires a CORS request.

Issue 1: IE11 aborts preflight requests with two-way SSL/TLS certification.

Resolution 1: Make the request 'local' and set up an Apache proxy (with RewriteRule - but it didn't pass the client's certificate - and then with proxy pass, but it didn't pass the client's certificate either).

Issue 2: The client's certificate is not passed with rewrite rules or with proxy pass.

The question: Is there ANY way to pass the client's certificate with an Apache proxy? (Without changing the server's API at all).

PS: I've read many threads like this - "Apache SSL Proxy can't find client certificate?" - but I didn't find any solution (and threads like this are old).

Oskar Szura

1 Answer

2

If you have a server that uses HTTPS with client certificates, then you can't put a normal application protocol-level proxy in front of it; the best you can do is a TCP plug or port redirect.

The application server isn't going to settle for a cert in an HTTP header when it wants evidence of ownership of a private key in TLS. The TLS handshaking will need to occur between the client and the server.

Adrien
Actually I may be wrong about this. It may be possible to configure a back end to do validation on a cert passed through by the reverse proxy after all. E.g. see http://serverfault.com/questions/622855/nginx-proxy-to-back-end-with-ssl-client-certificate-authentication – Adrien Jul 26 '16 at 22:33