Client certificate verification && Error handling in apache2 with mod_ssl

Hello,

Does mod_ssl support any type of error handling for the client
certificate authentication?
I'd really like to have another page load than a server not found one
when a client presents an invalid certificate.

If not, is it possible to bypass some verifications such as the cert
date, so my servlet engine can check that itself
and display an appropriate error page instead of the server not found
one?
So Apache would just take the certificate, not check anything, export
it, and I'll handle all cert related errors somewhere else.

Thanks,

Michael Lamot



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
Lamot Michael [ Thu, 15 April 2004 10:43 ] [ ID #147604 ]

Encryption and weblogic module

Hello everyone.

I am quite new to ssl, so I have a question.

While a connection between a pc client and
a web server is encrypted, I do not know if
the connection that may result thereafter is
encrypted too, that is, if ssl.conf contains
an entry that looks like this:

<Location /xx/xxx/*yyy*>
SetHandler weblogic-handler
WebLogicCluster host1.dom.dom.se:99999,host2.dom.dom.se:99999
ErrorPage /xx/xxx/xxx/xxx/errpage.html
</Location>

Is the data that is sent and received between the
webserver and host1/2.dom.dom.se also encrypted, and
is there a way to check that ?

Or is the question about encryption something that
(in this case) the weblogic module (that Apache uses)
is responsible for ?


Regards

Anders





Ringaby Anders [ Fri, 16 April 2004 11:36 ] [ ID #147608 ]

Re: Encryption and weblogic module

AFAIK the apache-weblogic connection isn't encrypted.
And yes, if encrypted it would be the weblogic module's
responsibility. You can check with a tcpdump (use
ethereal on Linux/Unix). You could use Stunnel to
create an SSL tunnel between the apache and weblogic
boxes. How well this works I don't know.

Regards
Matt

--- Ringaby Anders <andrin [at] rsv.se> wrote:
>
>
> Hello everyone.
>
> I am quite new to ssl, so I have a question.
>
> While a connection between a pc client and
> a web server is encrypted, I do not know if
> the connection that may result thereafter is
> encrypted too, that is, if ssl.conf contains
> an entry that looks like this:
>
> <Location /xx/xxx/*yyy*>
> SetHandler weblogic-handler
> WebLogicCluster host1.dom.dom.se:99999,host2.dom.dom.se:99999
> ErrorPage /xx/xxx/xxx/xxx/errpage.html
> </Location>
>
> Is the data that is sent and received between the
> webserver and host1/2.dom.dom.se also encrypted, and
> is there a way to check that ?
>
> Or is the question about encryption something that
> (in this case) the weblogic module (that Apache uses)
> is responsible for ?
>
>
> Regards
>
> Anders
Matt Stevenson [ Fri, 16 April 2004 15:10 ] [ ID #147609 ]

Re: Encryption and weblogic module

client ----(a)-----> Apache -----(b)----> Weblogic

If the client connects to Apache using SSL, (a) will be encrypted but (b)
will not (unless you can configure mod_wl to use SSL, which I don't believe
you can). The assumption is that (b) is occurring over a private, trusted
network. If you need to encrypt (b) I would suggest either setting up a VPN
or using Apache as a reverse proxy with SSL (the weblogic protocol in modern
versions is basically HTTP with a couple of extra headers).

cheers

Daniel

> Hello everyone.
>
> I am quite new to ssl, so I have a question.
>
> While a connection between a pc client and
> a web server is encrypted, I do not know if
> the connection that may result thereafter is
> encrypted too, that is, if ssl.conf contains
> an entry that looks like this:
>
> <Location /xx/xxx/*yyy*>
> SetHandler weblogic-handler
> WebLogicCluster host1.dom.dom.se:99999,host2.dom.dom.se:99999
> ErrorPage /xx/xxx/xxx/xxx/errpage.html
> </Location>
>
> Is the data that is sent and received between the
> webserver and host1/2.dom.dom.se also encrypted, and
> is there a way to check that ?
>
> Or is the question about encryption something that
> (in this case) the weblogic module (that Apache uses)
> is responsible for ?
>
>
> Regards
>
> Anders
>
>
>
--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
Daniel Lopez [ Fri, 16 April 2004 15:48 ] [ ID #147610 ]
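
Added example, not part of the original thread or of the WebLogic plug-in: one way to check from a capture whether hop (b) is encrypted, as asked above. It classifies the first client payload of each Apache-to-backend connection as plaintext HTTP, an SSLv3/TLS record, or an SSLv2-style ClientHello; the backend names, ports and payload bytes are constructed placeholders.

```python
import struct

# First bytes of an HTTP/1.x request line; per the thread, the plug-in's
# protocol to the backend is essentially HTTP, so plaintext looks like this.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
TLS_RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                    22: "handshake", 23: "application_data"}

def classify_payload(data: bytes) -> str:
    """Classify the first client-to-server payload of a TCP connection."""
    first_line = data.split(b"\r\n", 1)[0]
    if data.startswith(HTTP_METHODS) and b" HTTP/1." in first_line:
        return "plaintext-http"
    if len(data) >= 5:
        # SSLv3/TLS record header: type(1) version(2) length(2)
        rtype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if (rtype in TLS_RECORD_TYPES and major == 3 and minor <= 4
                and 0 < length <= 2**14 + 2048):
            return "tls-" + TLS_RECORD_TYPES[rtype]
        # SSLv2-compatible ClientHello: 2-byte length with high bit set,
        # message type 1, then the offered version (0.2, 3.0 or 3.1).
        if data[0] & 0x80 and data[2] == 1 and (data[3], data[4]) in (
                (0, 2), (3, 0), (3, 1)):
            return "sslv2-client-hello"
    return "unknown"

def audit_backend_flows(flows):
    """Map each backend to the sorted set of verdicts seen on its flows."""
    report = {}
    for backend, payload in flows:
        report.setdefault(backend, set()).add(classify_payload(payload))
    return {backend: sorted(v) for backend, v in report.items()}

# Constructed sample: (backend, first payload bytes) as they could be pulled
# from a capture of hop (b). Hostnames and ports are placeholders.
SAMPLE_FLOWS = [
    ("backend1.example:7001",
     b"GET /app/status HTTP/1.1\r\nHost: backend1.example\r\n\r\n"),
    ("backend2.example:7002",
     b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x01" + bytes(36)),
    ("backend2.example:7002",
     b"\x80\x2e\x01\x03\x01\x00\x15\x00\x00\x00\x10" + bytes(37)),
]

if __name__ == "__main__":
    for backend, verdicts in audit_backend_flows(SAMPLE_FLOWS).items():
        print(backend, verdicts)
```

Any backend whose verdicts include plaintext-http is carrying requests in the clear on that hop.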

RE: Encryption and weblogic module

Weblogic used to provide an ssl version of the mod_wl module, I think it
was named mod_wl_ssl. Obtaining the correct mod_wl_ssl may be dependent
on which version of weblogic and apache are being used.

We have run this configuration on Apache 1.x

client --> FireWall --> Apache --> Firewall ---> Weblogic
only port 443 mod_wl_ssl port nnnn
is configurable

David

-----Original Message-----
From: Daniel Lopez [mailto:daniel [at] rawbyte.com]
Sent: Friday, April 16, 2004 6:48 AM
To: modssl-users [at] modssl.org
Subject: Re: Encryption and weblogic module


client ----(a)-----> Apache -----(b)----> Weblogic

If the client connects to Apache using SSL, (a) will be encrypted but (b)
will not (unless you can configure mod_wl to use SSL, which I don't believe
you can). The assumption is that (b) is occurring over a private, trusted
network. If you need to encrypt (b) I would suggest either setting up a VPN
or using Apache as a reverse proxy with SSL (the weblogic protocol in modern
versions is basically HTTP with a couple of extra headers).

cheers

Daniel

> Hello everyone.
>
> I am quite new to ssl, so I have a question.
>
> While a connection between a pc client and
> a web server is encrypted, I do not know if
> the connection that may result thereafter is
> encrypted too, that is, if ssl.conf contains
> an entry that looks like this:
>
> <Location /xx/xxx/*yyy*>
> SetHandler weblogic-handler
> WebLogicCluster host1.dom.dom.se:99999,host2.dom.dom.se:99999
> ErrorPage /xx/xxx/xxx/xxx/errpage.html
> </Location>
>
> Is the data that is sent and received between the
> webserver and host1/2.dom.dom.se also encrypted, and
> is there a way to check that ?
>
> Or is the question about encryption something that
> (in this case) the weblogic module (that Apache uses)
> is responsible for ?
>
>
> Regards
>
> Anders
>
>
>
--
Teach Yourself Apache 2 -- http://apacheworld.org/ty24/
David Marshall [ Fri, 16 April 2004 15:47 ] [ ID #147611 ]

Re: Encryption and weblogic module

But that module is for when Apache has been compiled with SSL (EAPI
patches); it does not provide SSL support.

> Weblogic used to provide an ssl version of the mod_wl module, I think it
> was named mod_wl_ssl. Obtaining the correct mod_wl_ssl may be dependent
> on which version of weblogic and apache are being used.
>
> We have run this configuration on Apache 1.x
>
> client --> FireWall --> Apache --> Firewall ---> Weblogic
> only port 443 mod_wl_ssl port nnnn
> is configurable
>
> David
Daniel Lopez [ Fri, 16 April 2004 16:41 ] [ ID #147612 ]