tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 34643] - document how to use certificate-based "clientAuth" on a per user or per session basis also with self-signed/expired client certs
Date Wed, 11 May 2005 16:28:49 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=34643>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=34643





------- Additional Comments From hauser@acm.org  2005-05-11 18:28 -------
as per comment 4 item D), got (pseudo-)self signed certs working (it is not the
browser's fault), i.e. I first created a self-signed (root) cert, signed the
user-cert with it and imported the root-cert into the
$JAVA_HOME/jre/lib/security/cacerts for tomcat. Since this doesn't scale as
mentioned in  and in the described in item 3 GUI/application control flow, the
session may well exist before the CLIENT-CERT is executed:
i) register trust-store with user-self-signed cert in session for the user to be
authenticated as per Bug 34868
ii) response.sendRedirect("/certBasedAuth.do");
    now that trust-store would be effective upon the subsequent request doing
the auth

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
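
The certificate steps described in the comment above (self-signed root, user cert signed by it, root imported as a trust anchor), as an added example that is not part of the original message or of Tomcat. All subject names, file names, the alias and the store password are constructed; it assumes `openssl` (and `keytool` for the last function) on the PATH, and it imports into a separate truststore file rather than the JRE-wide `cacerts` the comment used.

```shell
#!/bin/sh
# Added example (not from the original message). All names are constructed.

# make_root DIR NAME: self-signed root certificate DIR/NAME.crt with DIR/NAME.key
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Client Root $2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# sign_user DIR ROOT USER: create a key and CSR for USER, then issue
# DIR/USER.crt signed by DIR/ROOT.key
sign_user() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$1/$3.csr" \
        -CA "$1/$2.crt" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/$3.crt" 2>/dev/null
}

# chain_ok ROOTCRT USERCRT: exit status 0 only if USERCRT chains to ROOTCRT.
# This is the check the server side performs against its trust store
# during client-certificate authentication.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# import_root ROOTCRT STORE: add the root to a dedicated truststore file.
# Importing into $JAVA_HOME/jre/lib/security/cacerts instead would make
# every Java program on the host trust this root, not only Tomcat.
import_root() {
    keytool -importcert -noprompt -alias demo-client-root \
        -file "$1" -keystore "$2" -storepass changeit >/dev/null 2>&1
}
```

A user certificate is accepted only under the root that signed it, so every additional user-created root needs its own import; that is the scaling limit the comment refers to.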

