OK, problem solved. I added
SSLOptions +ExportCertData
and now it's working again.
Regards,
Diego
Diego Manilla Suárez escribió:
> Hi. I'm using client certificates in certain parts of my webapp. When
> I was using mod_proxy_ajp I could retrieve the client certificates
> from a request attribute:
>
> request.getAttribute("javax.servlet.request.X509Certificate");
>
> But now I've switched to mod_jk and I always get null. This is my
> current config in Apache 2.2:
>
> ######################
> LoadModule jk_module modules/mod_jk.so
> JkWorkersFile workers.properties
> JkShmFile logs/mod_jk.shm
> JkLogFile logs/mod_jk.log
> JkLogLevel info
> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
> JkOptions +ForwardSSLCertChain
>
> <VirtualHost _default_:8443>
> JkMount /WSindex worker1
> JkMount /WSindex/* worker1
> SSLVerifyClient require
> SSLVerifyDepth 10
> # More irrelevant SSL configuration...
> </VirtualHost>
> ######################
>
> In Tomcat 5.5.26:
>
> ######################
> <Connector port="8009" enableLookups="false" protocol="AJP/1.3"
> URIEncoding="UTF-8" connectionTimeout="600000" />
> ######################
>
> workers.properties:
>
> ######################
> worker.list=worker1
> worker.worker1.type=ajp13
> worker.worker1.host=localhost
> worker.worker1.port=8009
> worker.worker1.connection_pool_timeout=600
> worker.worker1.socket_timeout=60
> worker.worker1.socket_keepalive=1
> ######################
>
> Any idea?
>
> Thanks in advance.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
****
****
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|