Forum Discussion

Nick_68106
Feb 25, 2011

SSL client cert auth between two Apache servers

Greetings all,


I have been bouncing around the idea of having one of my Apache servers authenticate against the other Apache server using Client SSL Certs. However, I cannot find a way to make Apache send a Client certificate when it initiates the request, using mod_proxy, to the other Apache server. However, both Apache servers reside behind VIPs on LTMs. So what I am thinking is writing an iRule on Apache server A VIP to include the Client SSL cert when making a request to Apache server B VIP.



Before I start trying to tackle this I was wondering if anyone has done something similar. I have searched around the forums with minimal success but some good starting points.



Any pointers? Has anyone tried this before? Is it even possible?



Thanks in advance,




2 Replies

  • Hi Nick,



    Can you give some background on why you want to do this?



    You could have LTM send a client cert when it load balances a VS connection to a pool member (like the destination Apache server). You can do this using a custom server SSL profile. This wouldn't validate the Apache server acting as a client, but it would allow you to require a client cert on any connections to the destination Apache server.



  • Thanks for the reply hoolio,


    The reason for this is wanting to get away from username/password authentication between the two web servers and force a stronger authentication method. However, you bring up a very valid point: "this wouldn't validate the Apache server acting as a client". I overlooked that when I started to realize this would be possible to accomplish in the load balancer.



    Thank you for the quick response. I think you saved me from going down the wrong road. I am going to head back to mod_proxy land and see if I can get it to work there.
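
Added example, not part of the original thread: one way to have Apache itself present a client certificate on proxied requests, using mod_ssl's `SSLProxyMachineCertificateFile` on server A and `SSLVerifyClient` on server B. It assumes Apache 2.4 with mod_ssl and mod_proxy_http loaded; every hostname, path and certificate CN below is a placeholder.

```apache
# ---- Server A: the proxy, acting as the TLS client (constructed example) ----
<VirtualHost *:443>
    ServerName a.example.internal
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/a-server.crt
    SSLCertificateKeyFile /etc/httpd/tls/a-server.key

    # Enable TLS on outbound mod_proxy connections.
    SSLProxyEngine on
    # PEM file holding the client certificate followed by its unencrypted
    # private key. Keep it readable by root only.
    SSLProxyMachineCertificateFile /etc/httpd/tls/a-client.pem

    # Authenticate server B as well, so the client cert is only offered
    # to a backend whose certificate chains to the internal CA.
    SSLProxyVerify            require
    SSLProxyVerifyDepth       1
    SSLProxyCACertificateFile /etc/httpd/tls/internal-ca.crt

    ProxyPass        /api/ https://b.example.internal/api/
    ProxyPassReverse /api/ https://b.example.internal/api/
</VirtualHost>

# ---- Server B: the backend that requires the client certificate ----
<VirtualHost *:443>
    ServerName b.example.internal
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/b-server.crt
    SSLCertificateKeyFile /etc/httpd/tls/b-server.key

    # Only certificates issued by this CA are accepted from clients.
    # Required at the vhost level so no mid-connection renegotiation is needed.
    SSLCACertificateFile /etc/httpd/tls/internal-ca.crt
    SSLVerifyClient      require
    SSLVerifyDepth       1

    <Location "/api/">
        # Accept only server A's identity, not any cert the CA has issued.
        Require expr "%{SSL_CLIENT_S_DN_CN} == 'a-client.example.internal'"
    </Location>
</VirtualHost>
```

With both servers behind LTM VIPs, server B only sees server A's certificate if the VIP in front of B passes the TLS connection through unterminated. If the LTM terminates TLS, the handshake ends at the load balancer and B sees whatever the server SSL profile presents instead.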