I have published an internal web site with HTTPS and set the
ssl_verify_client on. I need some fields from the client certificate to
send them to the back-end web server, so I can correctly access a
specific database.
It’s working but I also need to redirect the client to a second internal
website in case his certificate is missing or is invalid.
I have tried to capture the error page that I’ve got in the browser
(when I don’t send a client certificate) and put a redirect link in that
error page. The second website will generate the client certificates
based on a user and password.
I am trying to avoid to give 2 separate links to the client (one for the
client certificate generation and one for database access)
Any suggestions? I’ve tried also to do this with apache ssl_error_module
with no luck.
Thanks in advance.
Your setup is working fine if I do reverse proxy on http.
Because I needed to redirect the error to a https page, I have modified
the setup by creating another proxy ssl instance, where I didn’t asked
for ssl_verify_client.
My setup is working now, even if I don’t use the standard SSL port. Any
other suggestions for it?
Here it is, for any other interested:
On Tue, Sep 22, 2009 at 05:45:27AM -0400, adileso wrote:
Thank you very much Igor,
Your setup is working fine if I do reverse proxy on http.
Because I needed to redirect the error to a https page, I have modified the setup by creating another proxy ssl instance, where I didn’t asked for ssl_verify_client.