SSL Client certificate validation through a proxy

Brief run down on the environment:

Requests to the web site occur via IIS

IIS is in the DMZ

IIS implements SSL

IIS routes request to a cluster of weblogic servers

Question:If we set up IIS to require client certificates, will the cert credentials be available in the request object when it comes to the servlet hosted on weblogic?

[368 byte] By [FreeSoul001a] at [2007-10-2 14:16:32]

«« Help with Pager Tag Library
»» Initialize Web Service

# 1

Ok got the answer finally.

This attribute needs to be set in your web-app

<context-param>

<param-name>weblogic.httpd.clientCertProxy</param-name>

<param-value>true</param-value>

</context-param>

And you will be able to read on the client cert parameters.

Again, this is how it is possible, but not the recommended approach. Please review your environment completely before using it.

Credits to the solution: Found this at the following URL

http://forums.bea.com/bea/message.jspa?messageID=202277109&tstart=0

FreeSoul001a at 2007-7-13 12:32:46 >

top of Java-index,Security,Other Security APIs, Tools, and Issues...

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

SSL Client certificate validation through a proxy

Security New Topic

Security Hot Topic

Security

All Classified