tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Subscriber <subscri...@sepo.dk>
Subject Re: Handling expired client certificate
Date Wed, 01 Nov 2006 17:37:14 GMT
Hi Hassan,

Thanks for your answer. Yes, I've already tried your suggestion. Both 
with the java.security.cert.CertificateExpiredException and the 
javax.net.ssl.SSLHandshakeException, but the problem remains. As I can 
see, the exception is thrown somewhere inside Tomcat, before handling 
control to the webapplication. Hence, the exception is not "catchable" 
inside my webapplication, but is to be handled in some other way 
"inside" the Tomcat engine.

...Suggestions are still very welcome :-)

regards,
kews

Hassan Schroeder wrote:
> On 11/1/06, Subscriber <subscriber@sepo.dk> wrote:
>> Hi,
>>
>> I've configured Tomcat 5.5.17 to use CLIENT-CERT as authentication
>> mechanism via web.xml in my web application. This works as expected and
>> the user gets prompted for a certificate. I'm facing a problem, because
>> when the user supplies a certificate that has expired Tomcat throws an
>> exception in the log like this:
>>
>> INFO: SSL Error getting client Certs
>> javax.net.ssl.SSLHandshakeException:
>> java.security.cert.CertificateExpiredException: NotAfter: Thu Jan 19
>> 08:40:14 CET 2
>> 006
> 
>> My problem is, that I would like to handle the case myself and avoid
>> exceptions in the log and present the user with a good error message. In
>> this case, the user has no clue what-so-ever of what happened because
>> the error remains within Tomcat. What can I do to catch the error myself?
> 
> Have you tried something like this in your web.xml?
> 
> <error-page>
> <exception-type>java.security.cert.CertificateExpiredException</exception-type>

> 
> <location>/WEB-INF/errors/expired.jsp</location>
> </error-page>
> 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message