tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Radu Radutiu <rradu...@gmail.com>
Subject Re: RE: Apache2 SSL with client authentication jk2 tomcat 5 - no user certificate in request
Date Mon, 05 Jul 2004 07:21:15 GMT
Thanks,

My ssl conifiguration in Apache was missing 

SSLOptions  +ExportCertData +StdEnvVars

Now it's working with mod_jk2.

Radu

On Fri, 2 Jul 2004 08:15:32 -0700 , Summers, Bert W.
<bert.w.summers@saic.com> wrote:
> I tried to get that working but failed so I went back to mod_jk which does
> pass the cert.
> 
>     <Directory "/webapps/myapp">
>         SSLVerifyClient optional
>         SSLVerifyDepth  5
>         SSLRequireSSL
>         SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars
>         Options Indexes FollowSymLinks
>         DirectoryIndex index.jsp
>     </Directory>
> 
> 
> 
> -----Original Message-----
> From: Radu Radutiu [mailto:rradutiu@gmail.com]
> Sent: Friday, July 02, 2004 7:49 AM
> To: Tomcat Users List
> Subject: Apache2 SSL with client authentication jk2 tomcat 5 - no user
> certificate in request
> 
> Hi,
> 
> I'm running Tomcat 5 + jdk 1.4.2_02 + Apache 2.0.49 (Fedora 1) with mod_jk2.
> I can access the  web app through SSL (with client authentication enabled in
> Apache) but the following attributes are not set in the request:
> "javax.servlet.request.cipher_suite",
> "javax.net.ssl.peer_certificates" and
> "javax.servlet.request.X509Certificate"
> If I access the Tomcat server directly on a port configured with SSL with
> client authentication, "javax.servlet.request.cipher_suite"  and
> "javax.servlet.request.X509Certificate" are set correctly.
> 
> I've tried different versions of tomcat (5.0.25 and 4.1.27), mod_jk2 from
> the binary distribution and  self compiled and get the same result. Running
> a traffic sniffer it seems that the certificate information is never sent to
> the tomcat server.
> 
> The jk2 configuration (in httpd.conf) is the following:
> 
> LoadModule jk2_module modules/mod_jk2.so
> JkSet config.file /etc/httpd/conf/workers2.properties
> # default value
> JkSet2 workerEnv sslEnable 1
> JkSet2 workerEnv forwardKeySize  1
> 
> The workers2.properties is the default file from the binary distribution
> with the updated uri for the web application.
> 
> Is it possible to get the user certificate in Tomcat when using Apache
> + mod_jk2 as a front end?
> 
> Regards,
> 
> Radu
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message