directory-dev mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Where can I get the client certificate?
Date Fri, 13 Mar 2015 11:43:16 GMT
On Fri, Mar 13, 2015 at 7:38 PM, Marc Boorshtein <mboorshtein@gmail.com>
wrote:

> That will validate the certificate.  But I need to be able to get the
> certificate from inside of an interceptor.  Is there any way I can get it
> from the LdapSession?
>
Here you have access to the certificate, and this is the only place where
you have a chance to see it.
If you want to store it for any other purpose then you need to extend
the server, because certs are useless
after establishing a secure channel.

> On Mar 13, 2015 3:58 AM, "Kiran Ayyagari" <kayyagari@apache.org> wrote:
>
>>
>>
>> On Fri, Mar 13, 2015 at 1:09 PM, Marc Boorshtein <mboorshtein@gmail.com>
>> wrote:
>>
>>> Correct.
>>> On Mar 12, 2015 8:24 PM, "Kiran Ayyagari" <kayyagari@apache.org> wrote:
>>>
>>>>
>>>>
>>>> On Fri, Mar 13, 2015 at 4:48 AM, Marc Boorshtein <mboorshtein@gmail.com
>>>> > wrote:
>>>>
>>>>> I'm using ApacheDS as the LDAP front end for MyVD.  It's been working
>>>>> great for months.  Here's my question, where can I get a client certificate
>>>>> from? (in instances where ssl client authentication is being used for SSL
>>>>> connections).
>>>>>
>>>>> So to be clear, you are trying to verify the certificate of the client
>>>> that is connecting to ApacheDS, correct?
>>>>
>>> Currently this is not supported by the server, it just accepts all
>> certificates of all clients.
>>
>> This can be supported easily by allowing admins to configure either
>> 1. a custom TrustManager or
>> 2. a truststore file.
>> 3. or both
>> I personally prefer 1 because that will allow for a custom cert verifier
>> and can avoid the overhead of loading client certs into a file.
>>
>> Can you raise a feature request in JIRA?
>>
>>> Thanks
>>>>> Marc
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Kiran Ayyagari
>>>> http://keydap.com
>>>>
>>>
>>
>>
>> --
>> Kiran Ayyagari
>> http://keydap.com
>>
>


-- 
Kiran Ayyagari
http://keydap.com
