Hello, I set up Signserver using its Timestamp module with client certificate authentication. It is working fine. Current working timestamp URL sample is https://localhost:8443/signserver/process?workerName=TimeStampSigner , however I would like to shorten URL to be something like https://localhost:8443 instead. I could not use any reverse proxy because the requirement need client certificate authentication and log it on Signserver.
Is it possile to set up signserver and worker "TimestampSigner" to be default app and worker? or is there any way to shorten URL to be like https://localhost:8443/signserver/timestamp
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
With a reverse proxy it is usual possible to have it (and the application server) configured to forward the certificate information even if it is terminated in the proxy. Especially for Apache HTTP Server the AJP protocol can be used for this.
If you like an even shorter URL I suppose you would develop your own web module (.war file) that maps to "/" and which contains a Servlet that internally dispatches the requests to the normal WorkerServlet and deploy that to the application server. That way I believe you should be able to have https://localhost:8443/. Let us know if this works if you try it out.
Cheers,
Markus
PrimeKey Solutions
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank you for your answer, I have a question about it.
If you like an even shorter URL I suppose you would develop your own web module (.war file) that maps to "/" and which contains a Servlet that internally dispatches the requests to the normal WorkerServlet and deploy that to the application server. That way I believe you should be able to have https://localhost:8443/. Let us know if this works if you try it out.
This solution looks like the web module is working like proxy, right?
In that case the SSL connection should be terminated on web module which means that WorkerServlet won't receive client certificate so this shouldn't allow Signserver to do certificate authentication.
Please correct me if I miss something? Thank you.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The web module would be running within the same application server. It is the application server that terminates the TLS connection and the certificate will be available to all modules within it so there should not be a problem there as far as I know.
Cheers,
Markus
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello, I set up Signserver using its Timestamp module with client certificate authentication. It is working fine. Current working timestamp URL sample is https://localhost:8443/signserver/process?workerName=TimeStampSigner , however I would like to shorten URL to be something like https://localhost:8443 instead. I could not use any reverse proxy because the requirement need client certificate authentication and log it on Signserver.
Is it possile to set up signserver and worker "TimestampSigner" to be default app and worker? or is there any way to shorten URL to be like https://localhost:8443/signserver/timestamp
Hi Natham,
With a reverse proxy it is usual possible to have it (and the application server) configured to forward the certificate information even if it is terminated in the proxy. Especially for Apache HTTP Server the AJP protocol can be used for this.
An URL that works out of the box is this:
https://localhost:8443/signserver/worker/TimeStampSigner
If you like an even shorter URL I suppose you would develop your own web module (.war file) that maps to "/" and which contains a Servlet that internally dispatches the requests to the normal WorkerServlet and deploy that to the application server. That way I believe you should be able to have https://localhost:8443/. Let us know if this works if you try it out.
Cheers,
Markus
PrimeKey Solutions
Hi Markus,
Thank you for your answer, I have a question about it.
This solution looks like the web module is working like proxy, right?
In that case the SSL connection should be terminated on web module which means that WorkerServlet won't receive client certificate so this shouldn't allow Signserver to do certificate authentication.
Please correct me if I miss something? Thank you.
Hi Natham,
The web module would be running within the same application server. It is the application server that terminates the TLS connection and the certificate will be available to all modules within it so there should not be a problem there as far as I know.
Cheers,
Markus
Hi Markus.
OK, I got it, thank you for your explantion.