From: Jim Hopp
To: Tomcat Users List
Subject: Re: SSL Client Authorization
Date: Tue, 01 Jun 2004 07:55:42 -0700
Message-ID: <40BC98EE.9080504@netyourwork.com>

According to this link
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
possible values are "true", "want", and (I presume) "false".

I use client authentication in (non-embedded) Tomcat, and "true" does indeed require client authentication.

-Jim

Sander Smith wrote:
> Doug,
>
> Thanks for your help but this isn't what I need. Yes, I want the client
> to present a certificate for validation during the SSL handshake, but
> your solution is not available to me. You suggest putting something in a
> config file, but I'm running Tomcat embedded, so all of the
> configuration is happening programmatically.
>
> I have a org.apache.coyote.tomcat5.CoyoteConnector and I call
> setKeystoreFile(...), setKeyAlias(...), etc. to set up the server side
> SSL, and this is working great. When I want to request a client
> certificate I would expect to call setClientAuth(...) to do this.
> However, I'd expect to pass a boolean into this method, but instead, the
> interface requires a String!!! To make matters worse, there's no
> documentation to say what this string is.
>
> Does anyone know how to do this programmatically??
>
> Sander Smith
>
> At 08:20 AM 6/1/2004 -0400, you wrote:
>
>> Sander,
>>
>> If what you want is to have the client present a certificate for validation,
>> then in your connector have something like
>>
>> clientAuth="true"
>>
>> See
>> http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
>>
>> If you are looking for something different let us know.
>>
>> Doug
>> www.parsonstechnical.com
>>
>> ----- Original Message -----
>> From: "Sander Smith"
>> To:
>> Sent: Tuesday, June 01, 2004 6:29 AM
>> Subject: SSL Client Authorization
>>
>> > I'm writing an application with SSL that's been working fine, and would
>> > like to enable client authorization. It seemed like the thing to do was go
>> > to my connector (org.apache.coyote.tomcat5.CoyoteConnector) and enable it
>> > there.
>> > Lo and behold there is a method (setClientAuth) that seems to do
>> > what I want, but for some strange reason it takes a string as an argument
>> > instead of a boolean. What am I missing here?? How do I enable this?
>> >
>> > Sander Smith

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
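
The three values named in the reply above correspond to three distinct JSSE client-certificate modes, which a boolean could not express. The following is an added example, not code from this thread or from Tomcat: `applyClientAuth` is a hypothetical helper built only on the standard `javax.net.ssl` API, and unlike a lenient parser it rejects unrecognized strings so a typo cannot silently disable client authentication.

```java
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class ClientAuthModes {

    /** Hypothetical helper (not a Tomcat API): apply a clientAuth string to a JSSE socket. */
    static void applyClientAuth(SSLServerSocket socket, String clientAuth) {
        if ("true".equalsIgnoreCase(clientAuth)) {
            // Require: the handshake fails unless the client presents a certificate.
            socket.setNeedClientAuth(true);
        } else if ("want".equalsIgnoreCase(clientAuth)) {
            // Request: the handshake succeeds with or without a client certificate,
            // so the application must check for one before trusting the caller.
            socket.setWantClientAuth(true);
        } else if ("false".equalsIgnoreCase(clientAuth)) {
            // None: no certificate is requested (this also clears "need").
            socket.setWantClientAuth(false);
        } else {
            // Fail closed: a typo must not silently turn client authentication off.
            throw new IllegalArgumentException("unrecognized clientAuth value: " + clientAuth);
        }
    }

    public static void main(String[] args) throws Exception {
        SSLServerSocketFactory factory =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        // Port 0 = any free port; no handshake happens here, only the flags are inspected.
        try (SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket(0)) {
            for (String value : new String[] {"true", "want", "false"}) {
                applyClientAuth(socket, value);
                System.out.printf("clientAuth=%-5s need=%b want=%b%n",
                        value, socket.getNeedClientAuth(), socket.getWantClientAuth());
            }
            try {
                applyClientAuth(socket, "ture"); // constructed typo
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```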