tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Сергей Ковтун <>
Subject give X509Certificate from ssl connection
Date Wed, 25 Oct 2006 06:57:47 GMT
Dear friends!

I only start to work with tomcat, and already asked about it but have not
received the answer. Working with tomcat without ARP I could receive from  
request the
information necessary to me.
The following code:
public synchronized void doPost (HttpServletRequest request,
HttpServletResponse response)
   throws ServletException, OException {
   if (request.isSecure())
	 X509Certificate[]cr = (X509Certificate[])  
Here a fragment of mine server.xml(without ARP):
     <Connector port="8443" maxHttpHeaderSize="8192"
                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                enableLookups="false" disableUploadTimeout="true"
                acceptCount="100" scheme="https" secure="true"
                clientAuth="true" sslProtocol="TLS"

In this case(above) all works also I obtain data of the certificate of the  

If work goes with ARP (tcnative-1.dll) I cannot receive this information  
any more.
Probably this information can be received a different way, but I do not  
know as.
Here a fragment of mine server.xml:
	<Connector port = "8443" maxHttpHeaderSize = "8192"
			 maxThreads = "150" minSpareThreads = "25" maxSpareThreads = "75"
			 enableLookups = "false" disableUploadTimeout = "true"
			 acceptCount = "100" scheme = "https" secure = "true"
			 SSLEngine = "on"
			 SSLProtocol = "all"
			 SSLCipherSuite = "ALL"
			 SSLPassword = "pass"
			 SSLVerifyClient = "require"
			 SSLCertificateFile = " $ {catalina.base}/conf/localhost.crt "
			 SSLCertificateKeyFile = " $ {catalina.base}/conf/localhost.key "
			 SSLCACertificateFile = "${catalina.base}/conf/ca-bundle-client.crt"
Thus connection with the client occurs without mistakes, and the necessary  
data from
servlet I receive (i.e. the identification of the client works) but given  
SSL are necessary for me
Connections. Beforehand I thank all answered to me!

   Best regards,
   Sergey Kowtoon

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message