Topic: Apache Reverse Proxy to IIS Client certificate authenticatio |
|
Author |
|
jessay
Joined: 06 Jun 2019 Posts: 1 Location: usa,md
|
Posted: Thu 06 Jun '19 20:37 Post subject: Apache Reverse Proxy to IIS Client certificate authenticatio |
|
|
After thorough research I have come to ask for assistance.
What I want is to create a configuration similar to what Apache/Tomcat have with, I believe, AJP, only Apache to IIS.
I know due to TLS, IIS, x509, it is generally difficult, as what I am wanting to do creates a MITM (Man-In-The-Middle).
Internet ==> Apache Reverse Proxy === IIS backend
Authentication Client certificate
I know the reason right now I am losing the header information on IIS is due to the TLS session ending after I hit my proxy server.
I thought by configuring my virtual host utilizing SSLCACertificateFile it may work; however, I still receive the 403.7 (IIS).
I was hoping the mod_proxy parameters that I leverage with Tomcat would work with IIS, but I am having no success. My <virtual host> is using the following so far:
SSLEngine On
SSLVerifyClient require
SSLVerifyDepth 4
SSLCertificateFile ssl.crt/cert.pem
SSLCertificateKeyFile ssl.crt/key.key
SSLCACertificateFile ssl.crt/CAbundle.pem
SSLOptions +ExportCertData
SSLProxyEngine On
JkMount /
JKMount /
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /location/ http://ip:7443
My goal was to build this <virtualHost> to where I have Apache Reverse Proxy working with both Tomcat and IIS on the backend both accepting client certificate login.
The other approach I am looking into is attempting to see what header information occurs between Apache and IIS, and is there any way to configure IIS to leverage x509 http syntax to grab the information and leverage that for authentication. I need to leverage HTTP and not HTTPS and capture that traffic with Wireshark to see if there is anything there to work with.
This is my debacle I am currently working through and appreciate any assistance. |
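
One way to carry the verified client certificate past the TLS termination point described in the post above, as an added example that is not part of the original thread: Apache verifies the certificate, discards any client-supplied copies of the forwarding headers, and writes them itself with mod_headers. The `X-Client-*` header names and the backend address are hypothetical, and the example assumes IIS does not itself require a client certificate on the proxied listener and that the application behind it reads the headers.

```apache
# Added example, not from the thread. Requires mod_ssl, mod_headers,
# mod_proxy and mod_proxy_http. The X-Client-* header names and the
# backend address 192.0.2.10 are hypothetical placeholders.
<VirtualHost *:443>
    SSLEngine On
    SSLVerifyClient require
    SSLVerifyDepth 4
    SSLCertificateFile ssl.crt/cert.pem
    SSLCertificateKeyFile ssl.crt/key.key
    SSLCACertificateFile ssl.crt/CAbundle.pem

    # Drop any copies of the forwarding headers sent by the client, so
    # the backend only ever sees values written by this proxy.
    RequestHeader unset X-Client-Verify
    RequestHeader unset X-Client-DN
    RequestHeader unset X-Client-Cert

    # %{VAR}s reads a mod_ssl variable for the current connection.
    RequestHeader set X-Client-Verify "%{SSL_CLIENT_VERIFY}s"
    RequestHeader set X-Client-DN "%{SSL_CLIENT_S_DN}s"
    RequestHeader set X-Client-Cert "%{SSL_CLIENT_CERT}s"

    ProxyRequests Off
    ProxyPreserveHost On
    # Plain HTTP to the backend, as in the post.
    ProxyPass /location/ http://192.0.2.10:7443/
    ProxyPassReverse /location/ http://192.0.2.10:7443/
</VirtualHost>
```

The headers are only as trustworthy as the network path: the backend should accept connections on that port from the proxy's address only, since anything else that can reach it directly can supply the same headers.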
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
|
Posted: Wed 21 Aug '19 10:41 Post subject: |
|
|
AJP is for Java-based backends like Tomcat and is a protocol on its own.[1] I don't think you need that.
What works if you have an old hub (hardware, not a switch):
Code: |
Internet ==> Apache Reverse Proxy ==> HUB (hardware) ==> IIS backend
|
==> Computer with reading software like wireshark
|
With the traffic sent to both devices you can read the content of the data.
[1] https://en.wikipedia.org/wiki/Apache_JServ_Protocol |