So far, apache is the only server I have found that supports ssl
client authentication. Pound can forward the client certificate so I
could verify it myself. I couldn’t find any information on client
auth with lighttpd. Litespeed evidently doesn’t support it. I’ve
been trying to use apache for the ssl connection and then pass the ssl
env back to mongrel or lighttpd, without any luck.
Right now using pound and verifying the certificate inside rails seems
like the best choice. I want to stay away from apache and fastcgi if
at all possible.
Any other ideas?
On Tue, Jul 25, 2006 at 11:47:43AM -0700, snacktime wrote:
> So far, apache is the only server I have found that supports ssl
> client authentication. Pound can forward the client certificate so I
> could verify it myself. I couldn’t find any information on client
> auth with lighttpd.

It doesn’t support it at present, I’ve checked. But if I had a larger stock
of round tuits I’d write it in, because it’d give me a few more options for
some stuff I’m doing. It’s pretty trivial, even – you just need to add a
few calls here and there to say “ask for a cert” and “check the cert”.
Alas, time constraints and all that.

> Right now using pound and verifying the certificate inside rails seems
> like the best choice. I want to stay away from apache and fastcgi if
> at all possible.
> Any other ideas?
Adding the necessary SSL presentation and verification to Mongrel itself
should be about as difficult as it was with webrick – that is to say,
pretty darned simple. The Ruby OpenSSL wrappers are pretty good about that
sort of thing. You could then load balance as you like.
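
The "forward the certificate and verify it in the application" approach discussed in this thread, sketched with the Ruby OpenSSL wrappers. This is an added example, not code from either poster or from Pound, Mongrel or Rails. It assumes the proxy passes the client certificate as PEM text in a request header whose line breaks may have been folded into spaces; the function names, the CA and the certificates are constructed for the illustration.

```ruby
require "openssl"

# Rebuild a certificate from a forwarded header value. Assumption: the proxy
# sends PEM text whose line breaks may have been folded into spaces or tabs.
def parse_forwarded_cert(value)
  body = value.to_s.gsub(/-----(BEGIN|END) CERTIFICATE-----/, "").gsub(/\s+/, "")
  return nil if body.empty?
  OpenSSL::X509::Certificate.new(body.unpack1("m")) # base64 -> DER
rescue OpenSSL::OpenSSLError
  nil
end

# Return the subject only if the certificate chains to a CA in the store and
# is inside its validity period; otherwise nil.
def verified_subject(value, store)
  cert = parse_forwarded_cert(value)
  cert && store.verify(cert) ? cert.subject.to_s : nil
end

# --- Constructed sample data: a throwaway CA, one client it issued, and a
# --- self-signed certificate that claims the same name.
def make_cert(cn, key, issuer = nil, issuer_key = key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true)) if ca
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert("Example Test CA", CA_KEY, ca: true)
CLIENT = make_cert("alice", OpenSSL::PKey::RSA.new(2048), CA_CERT, CA_KEY)
ROGUE = make_cert("alice", OpenSSL::PKey::RSA.new(2048))

STORE = OpenSSL::X509::Store.new
STORE.add_cert(CA_CERT)

FOLDED = CLIENT.to_pem.gsub("\n", " ") # header as it arrives after folding
puts verified_subject(FOLDED, STORE).inspect
puts verified_subject(ROGUE.to_pem, STORE).inspect
```

Chain verification only shows that the certificate was issued by the trusted CA; proof that the client holds the private key happened in the TLS handshake at the proxy. The backend should therefore accept this header only on connections that come from the proxy, and the proxy should overwrite any copy of the header sent by the client.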