tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Diego Manilla Suárez <diego.mani...@xeridia.com>
Subject Re: Problems retrieving client certificates with mod_jk
Date Tue, 02 Jun 2009 09:44:42 GMT
OK, problem solved. I added

SSLOptions +ExportCertData

and now it's working again.

Regards,
Diego

Diego Manilla Suárez escribió:
> Hi. I'm using client certificates in certain parts of my webapp. When 
> I was using mod_proxy_ajp I could retrieve the client certificates 
> from a request attribute:
>
> request.getAttribute("javax.servlet.request.X509Certificate");
>
> But now I've switched to mod_jk and I always get null. This is my 
> current config in Apache 2.2:
>
> ######################
> LoadModule jk_module modules/mod_jk.so
> JkWorkersFile workers.properties
> JkShmFile logs/mod_jk.shm
> JkLogFile logs/mod_jk.log
> JkLogLevel info
> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
> JkOptions +ForwardSSLCertChain
>
> <VirtualHost _default_:8443>
> JkMount /WSindex worker1
> JkMount /WSindex/* worker1
> SSLVerifyClient require
> SSLVerifyDepth  10
> # More irrelevant SSL configuration...
> </VirtualHost>
> ######################
>
> In Tomcat 5.5.26:
>
> ######################
> <Connector port="8009" enableLookups="false" protocol="AJP/1.3" 
> URIEncoding="UTF-8" connectionTimeout="600000" />
> ######################
>
> workers.properties:
>
> ######################
> worker.list=worker1
> worker.worker1.type=ajp13
> worker.worker1.host=localhost
> worker.worker1.port=8009
> worker.worker1.connection_pool_timeout=600
> worker.worker1.socket_timeout=60
> worker.worker1.socket_keepalive=1
> ######################
>
> Any idea?
>
> Thanks in advance.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

****

****

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message