SSLMod_proxyForwarding

Forwarding SSL environment when using http/https proxy:

 

The variables supported by the servlet interface are the following:

 

 

javax.servlet.request.X509Certificate

 

javax.servlet.request.cipher_suite

 

javax.servlet.request.ssl_session

 

javax.servlet.request.key_size

 

 

 

To get the client certificate or any SSL information from the broswer you have to use mod_header to add the SSL information to header. To do that add in httpd.conf of Apache httpd the following:

 

RequestHeader set SSL_CLIENT_CERT "%s"
RequestHeader set SSL_CIPHER "%s"
RequestHeader set SSL_SESSION_ID "%s"
RequestHeader set SSL_CIPHER_USEKEYSIZE "%s"

 

Then you need a valve in Tomcat to extract the information from the request Headers.

See http://anonsvn.jboss.org/repos/jbossweb/sandbox/valves/. (the original code).

The valve has been integrated in Tomcat and in JBossWeb (since 2007).

 

Once you have build the valves.jar copy it in server/lib/ and edit server.xml to add:

 

<Valve className="SSLValve"/>

in the <Engine/> part of the file.