Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: 2-way SSL with 1-way SSL mix |
|
| Author |
|
tenly
Joined: 10 Apr 2014
Posts: 3
Location: Canada, Toronto
|
 Posted: Fri 07 Nov '14 10:50 Post subject: 2-way SSL with 1-way SSL mix |
 |
|
Hi all, I'm very new to Apache and am trying to modify the configuration of an existing application server. The server used to run on an intranet with no requirement for SSL. The new requirement is to provide access over the internet and so enabling SSL is mandatory.
I would like to know if the following type of configuration is possible - and if so - perhaps someone could point me to some documentation that explains how to do it.
The majority of the functionality the web-server provides will be consumed by other programs, however there is also a a password protected "control panel" which a user would sign into using a web-browser.
The only port we want to open up to the internet is 443. The server is running on an Amazon EC2 instance with an Elastic (Public) IP address. We have created 2 different public DNS aliases that both resolve to this server.
We would like the "default configuration" for this web server to be that 2-way SSL (mutual authentication) is required. The programs/apps that consume services from the web server will be configured with a certificate which allows them to communicate with the server. We have successfully configured the server this way. It's the next requirement that we are unable to make work.
We would like to allow any connections that come in requesting /console/* to NOT require mutual authentication. We only want to require 1-way SSL for users connecting to our console with a web-browser.
It seems pretty easy to say and I don't think this is would be an unreasonable request - but we have searched unsuccessfully for months for a configuration that allows this. At times we have had "Apache knowledgeable people tell us that it's both "easy to configure" and "impossible to configure/unsupported".
Thank you in advance to any of you that take the time to respond!
Tenly |
|
| Back to top |
|
tenly
Joined: 10 Apr 2014
Posts: 3
Location: Canada, Toronto
|
| Posted: Tue 02 Dec '14 2:46 Post subject: |
|
|
Did I not provide enough information in my question? Or did I post it in the wrong forum?
In 3 weeks, my question is the only one that has received 0 replies! Is this something that should be so simple to accomplish that nobody wants to take 5 minutes to point me to the answer? Or is it something that is completely impossible to accomplish?
I'm still searching for an answer to this question. If you can help - please do!
Thanks in advance,
Tenly |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 692
|
| Posted: Tue 02 Dec '14 12:04 Post subject: |
|
|
Maybe some pointers for you at http://linuxconfig.org/apache-web-server-ssl-authentication
ps.
When nobody responds is mostly that no one has a solution. Also your post is a lot of text, maybe for ppl it is hard to understand your issues. Missing in your post is the info at point 0 in the forum rules. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Mon 08 Dec '14 18:20 Post subject: |
|
|
| it is not possible to exclude a single path from that. |
|
| Back to top |
|
|
|
|
|
|
