Message-ID: <41eb6d5f040705002156be876@mail.gmail.com>
Date: Mon, 5 Jul 2004 10:21:15 +0300
From: Radu Radutiu
To: Tomcat Users List
Subject: Re: RE: Apache2 SSL with client authentication jk2 tomcat 5 - no user certificate in request

Thanks,

My ssl configuration in Apache was missing
SSLOptions +ExportCertData +StdEnvVars
Now it's working with mod_jk2.

Radu

On Fri, 2 Jul 2004 08:15:32 -0700, Summers, Bert W. wrote:
> I tried to get that working but failed so I went back to mod_jk which does
> pass the cert.
>
>
> SSLVerifyClient optional
> SSLVerifyDepth 5
> SSLRequireSSL
> SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars
> Options Indexes FollowSymLinks
> DirectoryIndex index.jsp
>
>
>
>
> -----Original Message-----
> From: Radu Radutiu [mailto:rradutiu@gmail.com]
> Sent: Friday, July 02, 2004 7:49 AM
> To: Tomcat Users List
> Subject: Apache2 SSL with client authentication jk2 tomcat 5 - no user
> certificate in request
>
> Hi,
>
> I'm running Tomcat 5 + jdk 1.4.2_02 + Apache 2.0.49 (Fedora 1) with mod_jk2.
> I can access the web app through SSL (with client authentication enabled in
> Apache) but the following attributes are not set in the request:
> "javax.servlet.request.cipher_suite",
> "javax.net.ssl.peer_certificates" and
> "javax.servlet.request.X509Certificate"
> If I access the Tomcat server directly on a port configured with SSL with
> client authentication, "javax.servlet.request.cipher_suite" and
> "javax.servlet.request.X509Certificate" are set correctly.
>
> I've tried different versions of tomcat (5.0.25 and 4.1.27), mod_jk2 from
> the binary distribution and self compiled and get the same result. Running
> a traffic sniffer it seems that the certificate information is never sent to
> the tomcat server.
>
> The jk2 configuration (in httpd.conf) is the following:
>
> LoadModule jk2_module modules/mod_jk2.so
> JkSet config.file /etc/httpd/conf/workers2.properties
> # default value
> JkSet2 workerEnv sslEnable 1
> JkSet2 workerEnv forwardKeySize 1
>
> The workers2.properties is the default file from the binary distribution
> with the updated uri for the web application.
>
> Is it possible to get the user certificate in Tomcat when using Apache
> + mod_jk2 as a front end?
>
> Regards,
>
> Radu
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
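
Added example, not part of the original thread or of the Tomcat project: a servlet that reads the request attributes named in the question and refuses the request when no client certificate reached Tomcat. The class name ClientCertCheckServlet is hypothetical; the javax.servlet API matches the Tomcat 5 / JDK 1.4 setup described above.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class name), not code from the thread.
public class ClientCertCheckServlet extends HttpServlet {

    // Request attribute names quoted in the original question.
    private static final String CERT_ATTR =
            "javax.servlet.request.X509Certificate";
    private static final String CIPHER_ATTR =
            "javax.servlet.request.cipher_suite";

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        Object attr = req.getAttribute(CERT_ATTR);

        // The attribute is null when the front end did not forward the
        // certificate (the symptom in this thread) or when the client sent
        // none, which "SSLVerifyClient optional" permits. Fail closed.
        if (!(attr instanceof X509Certificate[])
                || ((X509Certificate[]) attr).length == 0) {
            log("No client certificate in request from "
                    + req.getRemoteAddr());
            resp.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate required");
            return;
        }

        // Element 0 is the client's own certificate; any issuer
        // certificates follow in ascending order of trust.
        X509Certificate client = ((X509Certificate[]) attr)[0];

        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("Subject: "
                + client.getSubjectX500Principal().getName());
        out.println("Issuer:  "
                + client.getIssuerX500Principal().getName());
        out.println("Serial:  " + client.getSerialNumber().toString(16));
        out.println("Cipher:  " + req.getAttribute(CIPHER_ATTR));
    }
}
```

Tomcat fills these attributes from whatever the connector forwards, so the AJP port should accept connections only from the Apache front end.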