Using a Reverse Proxy with Mutual SSL Authentication

Configure the reverse proxy to connect to Unwired Server using mutual SSL authentication, then set up specific certificate requirements.

If applications need to connect to Sybase Unwired Platform using mutual SSL authentication:

  1. Configure the reverse proxy to connect to the mutual SSL port of Unwired Server.
  2. Configure the reverse proxy to trust the Unwired Server certificate.
  3. Configure the reverse proxy to use an impersonator client certificate to connect to Unwired Platform. The client certificate must be mapped to the "SUP Impersonator" role for all security configurations.
  4. Configure the reverse proxy to require a client certificate.
  5. Configure the reverse proxy with all trusted CA certificates of Unwired Platform, in order to accept all client certificates which can be accepted by Unwired Platform.
  6. Configure the reverse proxy to forward the client certificate as an SSL_CLIENT_CERT HTTP header to the Unwired Server, in order for the server to retrieve and authenticate it.

Below is a sample configuration of an Apache reverse proxy. It maps the root context of port 8082 to https://sup-server:8002 (the default mutual SSL port).

Listen 8082 
<VirtualHost *:8082>
    ServerName proxy-server
  # activate HTTPS on the reverse proxy
    SSLEngine on
    SSLCertificateFile "C:/Apache2.2/conf/proxy-server.crt"
    SSLCertificateKeyFile "C:/Apache2.2/conf/proxy-server.key"
    SSLCertificateChainFile "C:/Apache2.2/conf/proxy-server-ca.crt"
  # activate the client certificate authentication
    SSLCACertificateFile "C:/Apache2.2/conf/trusted-client-ca.crt"
    SSLVerifyClient require
    SSLVerifyDepth 10
  # connect to Unwired Server over SSL: trust its CA and present the impersonator client certificate
    SSLProxyEngine On
    SSLProxyCACertificateFile C:/Apache2.2/conf/sup-server-ca.crt
    SSLProxyMachineCertificateFile C:/Apache2.2/conf/proxy-client.pem
  # initialize the special headers to a blank value to avoid http header forgeries
    RequestHeader set SSL_CLIENT_CERT "" 
    <Location /> 
        # add SSL_CLIENT_CERT header to forward real client certificate
        RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
        ProxyPass https://sup-server:8002/ 
        ProxyPassReverse https://sup-server:8002/ 
    </Location>
</VirtualHost>
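
The following Python check is an added example, not part of the original documentation or of the product's tooling. It lints the text of a virtual host against the six steps above and reports the mistakes that defeat the header-forgery protection, such as client certificates not being required or SSL_CLIENT_CERT being appended instead of overwritten. The function name lint_vhost and the WEAK sample are constructed for illustration.

```python
import re

# Directives the six steps call for: (name, regex the argument must match).
REQUIRED = [
    ("SSLProxyEngine", r"on$"),                 # step 1
    ("SSLProxyCACertificateFile", r".+"),       # step 2
    ("SSLProxyMachineCertificateFile", r".+"),  # step 3
    ("SSLVerifyClient", r"require$"),           # step 4
    ("SSLCACertificateFile", r".+"),            # step 5
]
HEADER = "SSL_CLIENT_CERT"

def lint_vhost(conf):
    """Return findings for one virtual host's text; an empty list means it passes."""
    directives = []
    for raw in conf.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "<")):
            name, _, args = line.partition(" ")
            directives.append((name.lower(), args.strip()))
    findings = []
    for name, pattern in REQUIRED:
        values = [a.strip('"') for n, a in directives if n == name.lower()]
        if not any(re.match(pattern, v, re.I) for v in values):
            findings.append(name + " missing or not set as required")
    # Step 6: the header may only be overwritten ('set') or removed ('unset');
    # 'add', 'append' and 'merge' keep whatever value the client sent.
    actions = []
    for n, a in directives:
        parts = a.split(None, 2)
        if n == "requestheader" and len(parts) >= 2 and parts[1].upper() == HEADER:
            actions.append((parts[0].lower(), parts[2] if len(parts) > 2 else ""))
    if any(act not in ("set", "unset") for act, _ in actions):
        findings.append(HEADER + " modified without overwriting the client value")
    if not any(act == "set" and "%{SSL_CLIENT_CERT}s" in val for act, val in actions):
        findings.append(HEADER + " not set from the verified client certificate")
    return findings

# Constructed sample: optional client certificates and an appended header.
WEAK = """
SSLVerifyClient optional
SSLCACertificateFile "C:/Apache2.2/conf/trusted-client-ca.crt"
SSLProxyEngine On
SSLProxyCACertificateFile C:/Apache2.2/conf/sup-server-ca.crt
SSLProxyMachineCertificateFile C:/Apache2.2/conf/proxy-client.pem
RequestHeader add SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
"""

if __name__ == "__main__":
    for finding in lint_vhost(WEAK):
        print("FINDING:", finding)
```

Run against the sample configuration above, the check returns no findings; run against the WEAK sample, it reports the optional client verification and the appended header.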