Client certs and HTTPS Backends
Rob Moore <rob.moore(at)gmail.com>
2010-09-24 16:23:14
I couldn't find any documentation on this in the latest man page or on the
list so thought I'd ask.

Is the client certificate passed via HTTP headers to the HTTPS backend (just
as it would be to an HTTP backend) or is it used directly in the request to
the HTTPS backend (as it would be if the browser connected directly to the
backend without Pound)? I'm assuming the former but wanted to confirm.

Thanks,

Rob

RE: [Pound Mailing List] Client certs and HTTPS Backends
Joe Gooch <mrwizard(at)k12system.com>
2010-09-24 17:57:50
Without looking at the code.... The pound server would need the private key to
"impersonate" the client's cert.... So I don't think your second option is
possible.  

However all the HTTP/SSL headers pound inserts should apply to both HTTP and
HTTPS backends.

Joe

[...]
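
A backend that receives the client-certificate details as request headers, as the reply above describes, has only the proxy's word for them. The sketch below is an added example, not part of the original thread or of Pound's code: it accepts those headers only from the proxy's address and rejects requests where a certificate header appears twice. The proxy address, the function names and the header names used (`X-SSL-Subject`, `X-SSL-Issuer`, `X-SSL-serial`) are assumptions to check against your Pound version's man page.

```python
import ipaddress

# Assumptions for this sketch: the address of the Pound host and the
# X-SSL-* header names; adjust both to your deployment.
TRUSTED_PROXIES = (ipaddress.ip_network("192.0.2.10/32"),)
CERT_HEADERS = ("x-ssl-subject", "x-ssl-issuer", "x-ssl-serial")


def from_trusted_proxy(peer_ip):
    """True if the TCP peer is one of the configured Pound hosts."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def client_cert_identity(peer_ip, headers):
    """Return the proxy-asserted certificate fields, or None.

    headers is a list of (name, value) pairs exactly as received, so
    repeated headers stay visible.
    """
    if not from_trusted_proxy(peer_ip):
        return None  # any other peer could have written these headers itself
    found = {}
    for name, value in headers:
        key = name.lower()
        if key not in CERT_HEADERS:
            continue
        if key in found:
            return None  # two copies: cannot tell which one the proxy wrote
        found[key] = value.strip()
    if not found.get("x-ssl-subject"):
        return None  # no client certificate was presented to the proxy
    return found


# Constructed sample requests (not captured traffic).
VIA_POUND = [("Host", "app.example"), ("X-SSL-Subject", "CN=alice,O=Example"),
             ("X-SSL-Issuer", "CN=Example CA"), ("X-SSL-serial", "01")]
SPOOFED = [("Host", "app.example"), ("X-SSL-Subject", "CN=admin,O=Example")]
DOUBLED = VIA_POUND + [("x-ssl-subject", "CN=admin,O=Example")]

if __name__ == "__main__":
    print(client_cert_identity("192.0.2.10", VIA_POUND))
    print(client_cert_identity("203.0.113.7", SPOOFED))
    print(client_cert_identity("192.0.2.10", DOUBLED))
```

The same rule applies whether the backend is reached over HTTP or HTTPS: the backend should be reachable only through the proxy, since the header values are the only evidence of the client certificate it sees.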

RE: [Pound Mailing List] Client certs and HTTPS Backends
"Alfonso Espitia" <aespitia(at)castleworldwide.com>
2010-09-24 19:13:08
As far as I know, the certificate doesn't go past the Pound server.
Pound is in charge of all the encrypting/decrypting, and passes the
"plain" request to the backend.  So, the cert is NOT installed on the
backend servers.

What pound can do though is add a header that says whether HTTPS was
used in the original request or not.  You can find some examples if you
do a search for something like "front-end-https: on" or something like
that.  I know that's how some people have implemented it.




Alfonso Espitia, Senior Web Developer
direct 919.657.6933 | e-mail aespitia(at)castleworldwide.com
Castle Worldwide, Inc. | 900 Perimeter Park Drive, Suite G |
Morrisville, NC 27560 USA
www.castleworldwide.com | main 919.572.6880 | fax 919.361.2426
