tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josué Alcalde González <jalca...@csa.es>
Subject Apache2 + tomcat6 + SSL with client certificate
Date Fri, 05 Oct 2007 07:08:01 GMT
Hello.

I would like to get some advise about a new application I am developing.

It needs SSL with client certificate and it will be written in java and
deployed in Tomcat 6 with java 6.

The server will be shared with other applications in java, php and
perhaps other.

Now, it is a ubuntu 6.06 server with an apache 2.0 instalation, a tomcat
6.0 and a mod_jk 1.2.14.

There are some applications writen in php and a java aplication. The
java application is served by apache using mod_jk. It uses SSL but it
doesn't need client certificate. SSL is only configured in Apache.
Tomcat 6 uses normal connections (8080, 8009) which are closed.

This works perfectly but my next application will need client auth using
a X509Certificate and I need a way to get it in my Servlets.

I have read some documentation in google and I have try it.

First, I configured a Virtual Host with Apache

---------------------------------------------------------
<VirtualHost *:443>
        ServerAdmin jalcalde@csa.es
        ServerSignature On

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/apache.pem
        SSLVerifyClient optional_no_ca

        JkExtractSSL On
        JkMount /ovt ajp13_worker
        JkMount /ovt/* ajp13_worker
</VirtualHost>
---------------------------------------------------------

Then, I made a Servlet to try it:

-----------------------------------------------------------
// Display the cipher suite in use
String cipherSuite = (String)
request.getAttribute("javax.net.ssl.cipher_suite");
out.println("Cipher Suite: " + cipherSuite);

// Display the client's certificates, if there are any
if (cipherSuite != null) {
  X509Certificate certChain[] =  (X509Certificate[])
request.getAttribute("javax.net.ssl.peer_certificates");
  if (certChain != null) {
    for (int i = 0; i < certChain.length; i++) {
      out.println ("Client Certificate [" + i + "] = " +
certChain[i].toString());
   }
}
-----------------------------------------------------------

And it didn't work. CipherSuite is always null.

I haven't configured anything in tomcat. As I have read, it should work
but it is obvious I am missing something.

I would like to manage SSL with Apache better than using java keystores,
if it is possible. 

Also, I would like to have an application which does not need apache to
work and which works perfectly in tomcat standalone.


-- 
_______________________________________________
Josué Alcalde González
jalcalde@csa.es
Dpto. Desarrollo

CSA - Centro Regional de Servicios Avanzados
C/ López Bravo, 1
Pol. Ind. Villalonquéjar (Burgos)

Tel. (+34) 947 256 250
Fax. (+34) 947 256 583

Web: http://www.csa.es



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message