[undertow-dev] Wildfly 11 + ReverseProxy + 2 was ssl
Stuart Douglas
sdouglas at redhat.com
Tue Feb 13 18:38:23 EST 2018
You need to configure client cert auth as being required on the front end
server, and then enable certificate-forwarding on the back end server. The
front end will encode the certificate into a header, which will be decoded
by the back end server.
Stuart
On Wed, Feb 14, 2018 at 9:15 AM, paroczizs . <paroczizs at gmail.com> wrote:
> Hi UndertowDev,
>
> Is it possible to configure 2 way ssl with reverse proxy in wildfly
> standalone.xml?
> The schema and the realm set properly in case of 1 way ssl works fine
> however when the back end requests for the client cert the wildfly does not
> sent it:
>
> 22:12:41,187 INFO [stdout] (default task-2) *** CertificateRequest
>
> ...
>
> 22:12:41,213 INFO [stdout] (default task-2) Warning: no suitable
> certificate found - continuing without client authentication
>
>
>
>
> realm looks like this:
>
> <security-realm name="PserverRealm">
>
> <server-identities>
>
> <ssl>
>
> <keystore path="/home/config/pserver.jks"
> keystore-password="123456" alias="pserver" key-password="123456"/>
>
> </ssl>
>
> </server-identities>
>
> <authentication>
>
> <truststore path="/home/config/pserver.jks"
> keystore-password="123456"/>
>
> </authentication>
>
> </security-realm>
>
>
> Another question whether is basic authentication possible from the
> configuration?
>
> Thank you in advance, Zsolt
>
>
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Mentes
> a vírusoktól. www.avast.com
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
> <#m_-7227769160674502977_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20180214/e4c1eefd/attachment.html
More information about the undertow-dev
mailing list