Problems with customizing Apache as a proxy in front of EJBCA


Problems with customizing Apache as a proxy in front of EJBCA

by techcrypto

Hi all,

I am trying to set up Apache as a proxy in front of EJBCA. I generated an SSL server certificate for Apache (the same CA is used as for the tomcat user) and adjusted httpd.conf as described in the instructions. I wrote the following:
<Proxy balancer://mycluster-kerb>
BalancerMember ajp://localhost:8009/ejbca
</Proxy>
ProxyPass / balancer://mycluster-kerb/

RewriteEngine on
RewriteCond %{THE_REQUEST} /ejbca/
RewriteRule ^/ejbca/(.*)$ /$1 [PT]

SSLEngine on
SSLCipherSuite HIGH
SSLProtocol all -SSLv2
SSLCertificateFile ......
SSLCertificateKeyFile ....

<Location /adminweb>
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile ....
</Location>

For the public site everything works OK over the SSL protocol. To load adminweb I have to click several times on the window which requests the SSL client certificate. Only after several clicks is adminweb loaded. Besides, if I select a menu item, the request for the SSL client certificate appears again, and the corresponding window is loaded only after several clicks on the window requesting the SSL client certificate.
Does anyone have any ideas about this?
Thanks in advance.
Alex.
 

 

Re: Problems with customizing Apache as a proxy in front of EJBCA

by Johan Eklund

Hi Alex,

When visiting the adminweb my web browser, Mozilla Firefox 3.0.13, asks
me which certificate I want to use. This is done three times as
there are three HTML frames in the adminweb. After that I can click on
different links without a question and then sometimes the question will
appear again. I do not get the question every time I click something but
more often than when visiting the adminweb without Apache.

Is this similar to the situation you are describing?

Best Regards,
Markus



--

PrimeKey Solutions offers a commercial EJBCA support subscription and
training for EJBCA. Please see www.primekey.se or contact
info@... for more information.
http://download.primekey.se/documents/ejbca_subscription.pdf
http://download.primekey.se/documents/ejbca_training.pdf

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Ejbca-develop mailing list
Ejbca-develop@...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop

Re: Problems with customizing Apache as a proxy in front of EJBCA

by techcrypto

Hi Markus,

I will try to explain my situation in detail. If I use Tomcat (default), when I access adminweb I get a prompt to choose a client SSL certificate for strong authentication by the system. When the certificate is proper and the system identifies me as admin, I get access to adminweb. After that I can go to any menu items which are accessible to me, and the system does not ask me for the certificate any more.

When I use Apache and try to access adminweb, the system prompts me to choose a client SSL certificate several times (about 8 or 9 times). I keep clicking OK and the site is loaded. After that, if I click on some menu of the system, I get the prompt to choose a certificate again, and I must click the OK button several times for the corresponding frame to be loaded.

P.S. I use Firefox 3.0.5

Why does this happen?
Best regards
Alex


Re: Problems with customizing Apache as a proxy in front of EJBCA

by Alain RICHARD


On 28 Aug 09 at 15:54, techcrypto wrote:

> Hi Markus,
>
> I will try to explain my situation in detail. If I use Tomcat (default),
> when I access adminweb I get a prompt to choose a client SSL certificate
> for strong authentication by the system. When the certificate is proper
> and the system identifies me as admin, I get access to adminweb. After
> that I can go to any menu items which are accessible to me, and the
> system does not ask me for the certificate any more.
>
> When I use Apache and try to access adminweb, the system prompts me to
> choose a client SSL certificate several times (about 8 or 9 times). I
> keep clicking OK and the site is loaded. After that, if I click on some
> menu of the system, I get the prompt to choose a certificate again, and
> I must click the OK button several times for the corresponding frame to
> be loaded.
>
> P.S. I use Firefox 3.0.5
>
> Why does this happen?
> Best regards
> Alex

I have the same issue: Firefox 3.0.x asks for the certificate for each object in each frame, so I am asked for it several times.

This bug was not present in Firefox 2.x and was corrected in Firefox 3.5.

So the easiest solution is to update to Firefox 3.5.

Regards,

-- 

Alain RICHARD <alain.richard@...>

EQUATION SA <http://www.equation.fr/>

Tel : +33 477 79 48 00     Fax : +33 477 79 48 01

Client/server applications, network engineering and Linux



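Added example, not part of the thread or of the EJBCA instructions: in the configuration posted in the first message, `SSLVerifyClient require` sits inside `<Location /adminweb>`, and in per-directory context mod_ssl forces a TLS renegotiation after the request has been read, on each new connection that reaches that path, which gives the browser a fresh opportunity to prompt. The layout below requests the certificate once in the initial handshake and enforces it per location; the file paths are placeholders, and the `SSLRequire` form assumes Apache 2.2 (Apache 2.4 also offers `Require ssl-verify-client`).

```apache
# Posted layout (for comparison): verification is enabled per location, so
# mod_ssl renegotiates on every new connection that requests /adminweb.
#
#   <Location /adminweb>
#   SSLVerifyClient require
#   SSLVerifyDepth 1
#   SSLCACertificateFile ....
#   </Location>

# Alternative layout: ask for the client certificate during the initial
# handshake for the whole virtual host, and enforce it only on /adminweb.
SSLEngine on

# Placeholder paths, not values from the thread.
SSLCertificateFile    /path/to/server-cert.pem
SSLCertificateKeyFile /path/to/server-key.pem
SSLCACertificateFile  /path/to/admin-ca.pem

# "optional" requests a certificate without rejecting clients that have none,
# so the public pages stay reachable without one.
SSLVerifyClient optional
SSLVerifyDepth 1

<Location /adminweb>
    # Deny the request unless a certificate was presented and verified
    # against SSLCACertificateFile during the handshake.
    SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
</Location>
```

Because the certificate is now requested for the whole virtual host, a browser that holds a client certificate may offer it on the public pages as well.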