tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Hopp <...@netyourwork.com>
Subject Re: SSL Client Authorization
Date Tue, 01 Jun 2004 14:55:42 GMT
According to this link 
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html

possible values are "true", "want", and (I presume) "false".

I use client authentication in (non-embedded) Tomcat, and "true" does 
indeed require client authentication.

-Jim

Sander Smith wrote:
> Doug,
> 
> Thanks for your help but this isn't what I need. Yes, I want the client 
> to present a certificate for validation during the SSL handshake, but 
> your solution is not available to me. You suggest putting something in a 
> config file, but I'm running Tomcat embedded, so all of the 
> configuration is happening programmatically.
> 
> I have a org.apache.coyote.tomcat5.CoyoteConnector and I call 
> setKeystoreFile(...), setKeyAlias(...), etc. to set up the server side 
> SSL, and this is working great. When I want to request a client 
> certificate I would expect to call setClientAuth(...) to do this. 
> However, I'd expect to pass a boolean into this method, but instead, the 
> interface requires a String!!! To make matters worse, there's no 
> documentation to say what this string is.
> 
> Does anyone know how to do this programmatically??
> 
> Sander Smith
> 
> At 08:20 AM 6/1/2004 -0400, you wrote:
> 
>> Sander,
>>
>> If what you want is to have the client present a certificate for 
>> validation,
>> then in your connector have something like
>>
>> clientAuth="true"
>>
>> See
>> http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
>>
>> If you are looking for something different let us know.
>>
>> Doug
>> www.parsonstechnical.com
>>
>>
>>
>> ----- Original Message -----
>> From: "Sander Smith" <ssmith3988@rogers.com>
>> To: <tomcat-user@jakarta.apache.org>
>> Sent: Tuesday, June 01, 2004 6:29 AM
>> Subject: SSL Client Authorization
>>
>>
>> > I'm writing an application with SSL that's been working fine, and would
>> > like to enable client authorization. It seemed like the thing to do 
>> was go
>> > to my connector (org.apache.coyote.tomcat5.CoyoteConnector) and 
>> enable it
>> > there. Lo and behold there is a method (setClientAuth) that seems to do
>> > what I want, but for some strange reason it takes a string as an 
>> argument
>> > instead of a boolean. What am I missing here?? How do I enable this?
>> >
>> > Sander Smith
>> >
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>> >
>> >
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message