0

I have a problem when I am configuring 2-way SSL (client certificate) with mod_cluster on WildFly 9.0.2.

- Direct connection to WildFly on port 8443 (like https://wildflyserver:8443/context) is working,

- AJP connector connection between Apache and WildFly with mod_cluster is not working

- There is no HTTPS connector?

    <mod-cluster-config advertise-socket="modcluster" proxies="mc-proxy1" advertise="false" connector="http-default">
        <dynamic-load-provider>
            <load-metric type="cpu"/>
        </dynamic-load-provider>
        <ssl key-alias="aofweb" password="XXXXXX" certificate-key-file="${jboss.domain.config.dir}/keystoreWeb.jks" cipher-suite="ALL" protocol="TLSv1" ca-certificate-file="${jboss.domain.config.dir}/keystoreWeb.jks"/>
    </mod-cluster-config>

- When I am using HTTP redirect to HTTPS with web.xml configuration and redirect-socket binding, the URL changes from https://apacheserver/context to https://wildflyserver:8443/context. If I add a ProxyPreserveHost directive, it doesn't work either.

Does anybody have a solution?

cyril

1 Answer

0

I managed to do it: I configured the "ajp" connection, with scheme https in the listener,

for the httpd listener, certificate-forwarding=true and redirection to https,

in web.xml, auth-method set to CLIENT-CERT and transport-guarantee set to CONFIDENTIAL,

and then, the most important part, in Apache, mandatory client verification and forwarding of the cert data:

SSLHonorCipherOrder on
SSLVerifyClient require
SSLVerifyDepth 10
#THE CA USED TO GENERATE CLIENT CERTIFICATE
SSLCACertificateFile /etc/httpd/certs/cacert.pem
SSLOptions +ExportCertData

SSLOptions +StdEnvVars
Require all granted

Tell me if you have a problem.

WildFly 9.0, Apache 2.4, mod_proxy_ajp, mod_ssl, mod_proxy, mod_cluster 1.3.1

cyril
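Because WildFly trusts whatever certificate Apache forwards, the Apache side has to enforce verification before export. The following is an added example, not part of the answer: a small audit of one SSL context's directives, where the function names and the weak sample are constructed for illustration and `Include` files or per-directory overrides are not followed.

```python
import shlex

def parse_directives(conf_text):
    """Yield (lower-cased directive name, args); skips comments and <Section> tags."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "<")):
            parts = shlex.split(line)
            yield parts[0].lower(), parts[1:]

def audit_client_cert_proxy(conf_text):
    """Return findings for one SSL context; an empty list means all checks passed."""
    verify, has_ca, export = None, False, False
    for name, args in parse_directives(conf_text):
        if name == "sslverifyclient" and args:
            verify = args[0].lower()
        elif name in ("sslcacertificatefile", "sslcacertificatepath") and args:
            has_ca = True
        elif name == "ssloptions":
            for opt in (a.lower() for a in args):
                if opt == "-exportcertdata":
                    export = False
                elif opt.lstrip("+") == "exportcertdata":
                    export = True
    findings = []
    if verify != "require":
        findings.append(f"SSLVerifyClient is {verify or 'unset'}, not 'require'")
    if not has_ca:
        findings.append("no CA configured to verify client certificates")
    if not export:
        findings.append("ExportCertData is off: no certificate is forwarded")
    return findings

# Directives taken from the answer above.
ANSWER_CONF = """\
SSLHonorCipherOrder on
SSLVerifyClient require
SSLVerifyDepth 10
#THE CA USED TO GENERATE CLIENT CERTIFICATE
SSLCACertificateFile /etc/httpd/certs/cacert.pem
SSLOptions +ExportCertData
SSLOptions +StdEnvVars
"""

# Constructed weak variant: optional verification, no CA, export switched off again.
WEAK_CONF = "SSLVerifyClient optional_no_ca\nSSLOptions +ExportCertData\nSSLOptions -ExportCertData +StdEnvVars\n"

if __name__ == "__main__":
    print("answer:", audit_client_cert_proxy(ANSWER_CONF))
    print("weak:  ", audit_client_cert_proxy(WEAK_CONF))
```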