Solved

Apache reverse proxy to Domino (CAC Authentication)

Posted on 2011-09-10
Last Modified: 2012-05-12
I am very new to both Apache and Domino. I have been tasked with using an Apache front end to pass SSL traffic to our back end Domino server for CAC authentication for our users. I have been able to successfully proxy a client through to Domino; however, the request does not maintain the CAC header information.

So effectively what I am trying to do is:

client -------> Apache -------->Domino  (443 all the way through)

I realize that when doing this it acts as 2 separate SSL transactions, and to deal with that I am trying to use mod_header in Apache to pass the CAC information. When doing this I keep receiving this error:

"Proxy client certificate callback downstream server wanted client certificate but none are configured"

I have tried some of the other solutions on these forums but still nothing is working.  Any help is greatly appreciated.

Thank you!!
0
Question by:ThatNewGuy
4 Comments
 

Expert Comment

by:doninja
ID: 36528452
If you are providing SSL on the Apache then the connection to Domino does not need to also be SSL encrypted, as it will lose information as you are finding.
0
 

Author Comment

by:ThatNewGuy
ID: 36529807
Donin, Thank you for the response :)

Unfortunately I have also tried that route but according to IBM support SSL must be enabled on Domino to allow for CAC authentication so I have to configure it this way :(
0
 

Accepted Solution

by:ThatNewGuy
ID: 36956535
As a follow up to my question I ultimately found that this is impossible with the setup I want. Domino does not allow for private key export. In order to maintain an SSL connection through the proxy to the backend server, that private key information is needed by the Apache server. Without that information Apache will not create the second SSL connection between itself and the backend, which is necessary to carry the CAC credentials forward.

Hopefully if anyone else attempts to do this, they find this information useful.
0
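The two-session layout and the header-passing approach discussed in this thread, written out as an Apache configuration. This is an added example, not configuration posted by anyone in the thread; the hostnames, file paths and the `X-Client-Cert-DN` header name are placeholders, and whether the backend will accept an identity delivered in a header is not something the thread establishes.

```apache
# Added example: all names and paths below are placeholders.
# Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers loaded.
<VirtualHost *:443>
    ServerName proxy.example.internal

    # --- TLS session 1: client <-> Apache ---
    SSLEngine on
    SSLCertificateFile     /etc/pki/tls/certs/proxy.example.crt
    SSLCertificateKeyFile  /etc/pki/tls/private/proxy.example.key
    # CA bundle that issued the users' smart-card certificates.
    SSLCACertificateFile   /etc/pki/tls/certs/client-issuing-cas.pem
    SSLVerifyClient require
    SSLVerifyDepth  3

    # Remove any copy of the header sent by the client, then set it from
    # the certificate Apache itself verified, so the value cannot be
    # supplied by the caller.
    RequestHeader unset X-Client-Cert-DN
    RequestHeader set   X-Client-Cert-DN "%{SSL_CLIENT_S_DN}s"

    # --- TLS session 2: Apache <-> backend ---
    SSLProxyEngine on
    SSLProxyCACertificateFile /etc/pki/tls/certs/backend-ca.pem
    SSLProxyVerify require

    # If the backend requests a client certificate on this leg, Apache can
    # only present one whose private key it holds. The user's smart-card
    # key never leaves the card, so the user's certificate cannot be
    # replayed here. With no machine certificate configured, mod_ssl logs
    # the "downstream server wanted client certificate but none are
    # configured" message quoted in the question.
    SSLProxyMachineCertificateFile /etc/pki/tls/private/proxy-client.pem

    ProxyPass        / https://domino.example.internal/
    ProxyPassReverse / https://domino.example.internal/
</VirtualHost>
```

A backend that trusts a header like this should accept connections only from the proxy, since anything else able to reach it could set the header itself.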
 

Author Closing Comment

by:ThatNewGuy
ID: 36978200
I found the solution; therefore I posted it so that others who may need this information have it and then I accepted it as my answer.
0

Question has a verified solution.
