tomcat-users mailing list archives

From Julian W H Osborne <josbo...@imsmaxims.com>
Subject Re: Client Side Certificates
Date Fri, 24 Dec 2004 09:44:54 GMT
Chris wrote:

>>> You need to pass the truststore in as a JVM argument.  Do a search 
>>> on the list for SSL.  The exact parameters should be in there.
>>
>> Hmmm, why do you need to do this?  Surely to get client 
>> authentication you don't need to start passing extra parameters to 
>> Tomcat?
>>
>> Have been trawling through the archives and can't find the message 
>> you mean.
>
>
> Sorry, wrong list.  It was on the Axis list.  Here's the relevant text.
>
> ---------------
> I pretty much used this guide (and the new chapter it links to) to do it.
>
> http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html
>
> Pretty much everything you need to know is in the SSL section of the new
> chapter.  It starts on page 16 of the pdf.  You gen your keystores and
> truststores, making sure to place them on the appropriate machines.  Then
> change server.xml.  I didn't use JCEKS and all of my stuff works.  The hard
> part was installing Tomcat as a service with the truststore attribute set.
> For some reason, Tomcat doesn't let you set it in server.xml.  Then you just
> modify your client to use https and include the keystore and truststore.
> Other than a typo, the CL version worked perfectly.  I had to just play
> around with tomcat.exe to get it installed as a service, tho.
> ------------------------
>
> As for passing in the parameters, to do 2 way auth, both sides need a
> truststore and a keystore.  In TC 4.x server.xml doesn't provide you
> with a way to define a truststore, so you have to pass it in as a JVM arg.
>
> Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
Thanks Chris,

Will have a read over the Christmas period.

Julian
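
Added example, not part of the thread or the linked guide: a Java client for the two-way authentication setup described above, loading its keystore and truststore explicitly instead of through the `javax.net.ssl.keyStore` / `javax.net.ssl.trustStore` JVM system properties. The class name, the argument order and the assumption that the key password equals the keystore password are illustrative.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical client class (an assumption, not code from the thread).
public class MutualTlsClient {

    // Load a store file from disk using the JVM's default keystore type.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // keystore:   this side's private key and certificate (what it presents).
    // truststore: the certificates it accepts from the other side.
    static SSLContext context(String ksPath, char[] ksPw,
                              String tsPath, char[] tsPw) throws Exception {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(ksPath, ksPw), ksPw); // assumes key password == store password
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(tsPath, tsPw));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] a) throws Exception {
        if (a.length != 5) {
            System.err.println(
                "usage: MutualTlsClient <https-url> <keystore> <kspass> <truststore> <tspass>");
            System.exit(2);
        }
        // Passwords passed as arguments are visible in process listings;
        // acceptable for a test run, not for a deployed client.
        HttpsURLConnection c = (HttpsURLConnection) new URL(a[0]).openConnection();
        c.setSSLSocketFactory(
            context(a[1], a[2].toCharArray(), a[3], a[4].toCharArray()).getSocketFactory());
        System.out.println("HTTP " + c.getResponseCode() + ", cipher " + c.getCipherSuite());
    }
}
```

If the server requires a client certificate and the keystore holds no key whose issuer the server trusts, the handshake fails before any HTTP response is returned.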

