tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jesús Luna <>
Subject Problems with SSL_CLIENT_CERT_CHAIN_n from servlet
Date Wed, 06 Oct 2004 09:41:16 GMT
Hi everybody,
Currently I'm developing a servlet that validates with our OCSP service a
user certificate received from Apache v1.3.29 (with mod_ssl v2.8.16 and
ajp13 workers), but the problem is that I need to extract some data about
the correspondent client certificate chain to build the OCSP request and
I've not been able to obtain this from Tomcat v4.1.30 (with mod_jk v1.2) all
under Linux. I'm pretty sure that it's not a configuration problem because
my servlet is already retrieving additional information from mod_jk (i.e.
the client certificate, cipher, protocol and other SSL_ environment
variables from Apache/mod_ssl).

Anyway, in mod_jk I've tried the following directives:

An then from my Java servlet:
String chain0 = (String) request.getAttribute("SSL_CLIENT_CERT_CHAIN_0");
// Also tried it like an X509Certificate object
							 // Variable chain0 appears equal to the string

X509Certificate[] cert
					// Only getting one certificate in the array, the correspondent to the
SSL client
					// No certificates from the chain

Finally, I've been browsing trough some emails on this list that talk about
performance issues with the cert chain extraction so I don´t know if this
feature may be unavailable or something like this.

Thank you in advance for your help, best regards

Jesus Luna Garcia
CertiVeR (U.E. Funded Project)

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message