tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Bockerman <ch...@bockermann.ping.de>
Subject Re: Problem while retreiving Client Certificate
Date Thu, 02 May 2002 10:41:57 GMT
On Thu, May 02, 2002 at 03:03:16AM -0700, Raja  Sekhar wrote:
> Hi,
> 
> I am using Tomcat 4.0.3 with Apache 1.3.24 on Redhat Linux 7.1.
> For SSL, I have configured Apache with mod_ssl & the connector
> I am using is mod_webapp. The SSL Connection is successfully done.
> I have a servlet on Tomcat which is expecting a Client Certificate.
> I have made "SSLVerifyClient -- True" & it accepts client
> certificate at SSL Handshake. 
> 
> I am using the following code to retreive the certificate from
> servlet running on Tomcat
> 
> Object certReqObject = 
>        request.getAttribute("javax.servlet.request.X509Certificate");
> I have downloaded the WarpConnector source. In WarpRequest.java, 
> the certificate object is set to null if any exception occurs. 
> Can any one help me where I am going wrong. I am using trial 
> Server certificate which we automatically get while configuring 
> Apache with SSL. The certificate entry in httpd.conf is as follows
> -----------------------------------------------------
> SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
> SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
> SSLVerifyClient require
> SSLVerifyDepth  10 
> -------------------------------------------------------
> Please help me out at the earliest as I am struck badly.
> Thanks & Regards,
> ..Raj

In http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html#s4
there is a bit about Apache+mod_ssl and mod_jk which says 

  "When using mod_jk with Apache & mod_ssl, it is essential 
   to specify "SSLOptions +StdEnvVars +ExportCertData" in 
   the httpd.conf file. Otherwise, mod_ssl will not produce 
   the neccessary environment variables for mod_jk."

Perhaps you should add

  SSLOptions +StdEnvVars +ExportCertData
 
to your httpd.conf as this seems to be a problem with mod_ssl
and mod_jk on the mod_ssl-side and might solve your problem
with mod_webapp and mod_ssl.


-Christian

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message