tomcat-dev mailing list archives

From Christophe Warland <>
Subject Re: mod_jk, SSL and client certs
Date Fri, 28 Jul 2000 18:13:25 GMT

Hi Markus,

I am happy my DLL worked for you. I copy the newsgroup on this reply because
it might be helpful for someone else out there.

I have been able to access the client certificate in Tomcat through the
following settings (non-exhaustive list):

- in tomcat/conf/server.xml, add the following:
        <!-- Apache AJP13 support.  -->
        <Connector className="org.apache.tomcat.service.PoolTcpConnector">
            <Parameter name="handler"
            <Parameter name="port" value="8009"/>

        <!-- add your webapp -->
        <Context path="/tintagel" docBase="c:/www/docs/"
debug="0" reloadable="true" >

- in tomcat/conf/
      worker.list=ajp12, ajp13

- in apache/conf/httpd.conf:
LoadModule jk_module modules/mod_jk.dll
<IfModule mod_jk.c>
  JkWorkersFile c:/www/conf/
  JkLogFile  logs/jk.log
  JkLogLevel warn
  JkMount /*.jsp ajp13
  Alias /tintagel C:\www\docs\\tintagel
  <Location /tintagel/WEB-INF/ >
        AllowOverride None
        deny from all
  </Location>
  JkMount /tintagel/cert ajp13
</IfModule>

- in C:\www\docs\\tintagel\WEB-INF\server.xml:

- in com.s1.exc.test.https.CertServlet:
    Object o = request.getAttribute("javax.servlet.request.X509Certificate");

Depending on the Servlet engine, this object "o" might be a String
(Tomcat3.2-dev), an X509Certificate (Netscape ES) or something else. I don't
know what the current Tomcat3.2b2 returns because my code implicitly tests
for the class name of "o" and does the appropriate transformation into an
X509Certificate object without outputting any debug info.

Good luck, and tell us how things are working for you!


Christophe wrote:

> Hi Christophe,
> that did it! Thanks for your help!
> Have you used SSL with mod_jk? The client certificate doesn't seem to get
> passed through to Tomcat...
> Markus
> Markus Breilmann              
> Director of Technology                           tel: +1.415.455.5770
> The Tamalpais Group, Inc.                        fax: +1.415.455.5771
> 11 Belle Avenue                                 web:
> CA 94960 San Anselmo, USA
> PGP Fingerprint:             96E7 8096 E893 F6FD  A60B 97F3 7F5D 941D

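Added example, not part of the original message and not the CertServlet code it mentions: one way to turn the "javax.servlet.request.X509Certificate" attribute into an X509Certificate whatever type the engine hands back. The class name ClientCertAttribute is hypothetical, and the String case assumes the engine passes the certificate as PEM (or DER) text that CertificateFactory can parse.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/** Hypothetical helper: normalizes the client-certificate request attribute. */
public final class ClientCertAttribute {
    public static final String ATTR = "javax.servlet.request.X509Certificate";

    private ClientCertAttribute() {}

    /**
     * @param o the value of request.getAttribute(ATTR)
     * @return the client's certificate, or null if none reached the servlet
     * @throws CertificateException if a value is present but cannot be used
     */
    public static X509Certificate toCertificate(Object o) throws CertificateException {
        if (o == null) {
            return null; // no client cert: the caller must deny access, not skip the check
        }
        if (o instanceof X509Certificate) {
            return (X509Certificate) o; // engine already parsed it
        }
        if (o instanceof X509Certificate[]) {
            // Later Servlet specifications define the attribute as a chain, client cert first.
            X509Certificate[] chain = (X509Certificate[]) o;
            if (chain.length == 0) {
                throw new CertificateException("empty certificate chain");
            }
            return chain[0];
        }
        if (o instanceof String) {
            // Assumption: the String is the encoded certificate text forwarded by the web server.
            byte[] encoded = ((String) o).trim().getBytes(StandardCharsets.US_ASCII);
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(encoded));
        }
        // Fail closed on anything unexpected instead of guessing.
        throw new CertificateException("unexpected attribute type: " + o.getClass().getName());
    }

    public static void main(String[] args) throws Exception {
        System.out.println("no attribute -> " + toCertificate(null));
        try {
            toCertificate(Integer.valueOf(1)); // constructed bad input
        } catch (CertificateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a servlet the call would be `ClientCertAttribute.toCertificate(request.getAttribute(ClientCertAttribute.ATTR))`; parsing the certificate does not validate it, so trust decisions still rest on the verification done by the SSL-terminating web server.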