Forwarding Client Certificate Identification Details on Apache HTTP Server to Core Engine

You must configure the Apache HTTP server to forward client certificate identification details to the Core Engine.

To configure the Apache HTTP server to forward the client identification details to the Core Engine, complete the following procedure.

Procedure

  1. Open the ASG_HOME/modules/http_server/apache/mod_ASG.conf file in a text editor.
  2. Add the following lines to load the mod_headers module and export the standard SSL environment variables:
       LoadModule headers_module APACHE_HOME/modules/mod_headers.so
       SSLOptions +StdEnvVars
  3. Set RequestHeader directives as follows:
       RequestHeader add X-SSL_PROTOCOL "%{SSL_PROTOCOL}s"
       RequestHeader add CAissuer "%{SSL_CLIENT_I_DN}e"
       RequestHeader add SerialNumber "%{SSL_CLIENT_S_DN}e"
  4. Save the changes and close the file.
  5. Restart the Apache HTTP server.
  6. Start the Core Engine, if not already running. See Starting Core Engine.
  7. Test the configuration changes to see that only requests from clients that authenticate themselves with a client certificate are forwarded to the Core Engine. As no partners are configured yet on the Config UI with the credentials specified in the certificate, the incoming request fails the identification with this configuration.
  8. To test this configuration setup, enter the following URL to submit a ping operation request:
       http://machine_name:listening_port_value/ping

    If you have configured everything on the Apache HTTP server but have not yet registered the partner in the TIBCO API Exchange Gateway, the web browser should display the following response from TIBCO API Exchange Gateway:

       <asg:Error> <asg:ErrorCode> 2001 </asg:ErrorCode>
       <asg:ErrorMessage> Partner null not identified    </asg:ErrorMessage> 
       </asg:Error>
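
The directives in step 3 use `RequestHeader add`, which appends to any header of the same name already present in the request, so a value supplied by the client would reach the Core Engine alongside the one Apache derives from the certificate. The fragment below is an added example, not part of the product's shipped mod_ASG.conf: it clears the three identity headers before writing them, and it assumes that `SSLVerifyClient require` (a directive this page does not show) is appropriate for the TLS virtual host in front of the Core Engine.

```apache
# Added example; assumes mod_ssl and mod_headers are already loaded and that
# these directives sit in the TLS virtual host that forwards to the Core Engine.

# Assumption: refuse the TLS handshake when no valid client certificate is
# presented, so the SSL_CLIENT_* variables are always populated for requests
# that reach the header directives below.
SSLVerifyClient require
SSLOptions +StdEnvVars

# Remove any copies of the identity headers that arrived from the client.
RequestHeader unset X-SSL_PROTOCOL
RequestHeader unset CAissuer
RequestHeader unset SerialNumber

# "set" replaces an existing header of the same name; "add" would append a
# second header next to it. Header names and values are those from step 3.
RequestHeader set X-SSL_PROTOCOL "%{SSL_PROTOCOL}s"
RequestHeader set CAissuer "%{SSL_CLIENT_I_DN}e"
RequestHeader set SerialNumber "%{SSL_CLIENT_S_DN}e"
```

After a restart, the step 8 ping request should still return the 2001 response until a partner is registered; the difference is that the Core Engine receives exactly one value per identity header.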