tomcat-dev mailing list archives

From Jesús Luna <j.l...@certiver.com>
Subject RE: Problems with SSL_CLIENT_CERT_CHAIN_n from servlet
Date Thu, 07 Oct 2004 07:53:20 GMT
> -----Original Message-----
> From: jean-frederic clere [mailto:jfrederic.clere@fujitsu-siemens.com]
> Sent: Wednesday, 06 October 2004 16:54
> To: Tomcat Developers List
> Subject: Re: Problems with SSL_CLIENT_CERT_CHAIN_n from servlet
>
> What do you have in httpd.conf?
>
>
In my httpd.conf I've appended the following lines related to mod_ssl and
mod_jk:
Include /usr/local/java/tomcat4/conf/mod_jk.conf
Include /usr/local/apache/conf/ssl.conf

File mod_jk.conf looks like this:
	<IfModule !mod_jk.c>
	LoadModule jk_module "/usr/local/apache/libexec/mod_jk.so"
	</IfModule>
	JkExtractSSL On
	JkHTTPSIndicator HTTPS
	JkSESSIONIndicator SSL_SESSION_ID
	JkCIPHERIndicator SSL_CIPHER
	JkCERTSIndicator SSL_CLIENT_CERT
	JkEnvVar SSL_PROTOCOL sslProtocol
	JkEnvVar SSL_CLIENT_CERT_CHAIN_0 SSL_CLIENT_CERT_CHAIN_0
	JkEnvVar SSL_SERVER_CERT SSL_SERVER_CERT
	JkWorkersFile "/usr/local/java/tomcat4/conf/workers.properties"
	JkLogFile "/var/log/httpd/mod_jk.log"
	JkLogLevel debug

And file ssl.conf:
  <IfDefine SSL>
  AddType application/x-x509-ca-cert .crt
  AddType application/x-pkcs7-crl    .crl
  SSLPassPhraseDialog  builtin
  SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
  SSLSessionCacheTimeout  300
  SSLMutex  file:/usr/local/apache/logs/ssl_mutex
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  SSLLog      /var/log/httpd/ssl_engine_log
  SSLLogLevel info
  <VirtualHost _default_:443>
  DocumentRoot "/usr/local/httpd/sslhtdocs"
  ErrorLog /var/log/httpd/error_log
  TransferLog /var/log/httpd/access_log
  SSLEngine on
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateFile /usr/local/apache/conf/ssl.crt/smurf.crt
  SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/smurf.key
  SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle.crt
  SSLCARevocationPath /usr/local/apache/conf/ssl.crl
  SSLVerifyClient require
  SSLVerifyDepth  10
  SSLOptions +StdEnvVars +ExportCertData

  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars +ExportCertData
  </Files>
  <Directory "/usr/local/apache/cgi-bin">
      SSLOptions +StdEnvVars +ExportCertData
  </Directory>
  SetEnvIf User-Agent ".*MSIE.*" \
           nokeepalive ssl-unclean-shutdown \
           downgrade-1.0 force-response-1.0
  CustomLog /var/log/httpd/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  #################### www.semarket.com:/certiver ####################
         # Static files
         Alias /certiver "/usr/local/java/tomcat4/webapps/certiver"
        <Directory "/usr/local/java/tomcat4/webapps/certiver">
            Options Indexes FollowSymLinks
            DirectoryIndex index.jsp index.html
        </Directory>
       <Location "/certiver/WEB-INF/*">
         AllowOverride None
          deny from all
       </Location>
       <Location "/certiver/META-INF/*">
         AllowOverride None
         deny from all
       </Location>
       JkMount /certiver/* ajp13
  </VirtualHost>
  </IfDefine>


Thanks!

_______________________
Jesus Luna Garcia
CertiVeR (U.E. Funded Project)
j.luna@certiver.com
http://www.certiver.com


