This section will show you how to use an Apache Web Server Proxy in front of EJBCA. The resulting server will
- Display EJBCA public web at https://ca-server.company.local/
- Redirect all HTTP-requests to HTTPS, except for OCSP and CRL.
- Require a client SSL certificate when accessing https://ca-server.company.local/adminweb/
- Be able to loadbalance requests
- Still answer to requests on https://ca-server.company.local/ejbca/*
This example was created on Ubuntu 64-bit Server 7.10 using the Apache Web Server 2.2 package, but should be easy to adapt to any system able to run Apache.
Start by installing EJBCA as normal. If you intend to have the CA on the same machine as the proxy you should modify $EJBCA_HOME/conf/web.properties to only listen to localhost