tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <>
Subject Re: Tomcat over AJP with Apache in front SSL Issues
Date Wed, 02 Sep 2009 18:40:29 GMT
On 14.08.2009 06:53, matt617 wrote:
> I am using Apaches MOD SSL to do the certificate enforcement. It then uses
> the mod proxy to push the certificate info over AJP to my tomcat instance.
> tomcat does not have SSL enables at the container level but my application
> seems to pick up the certificate info jsut fine this way... 
> yes i mean that the browser is prompting the user for their client
> certificate repeatedly, roughly once every 10 minutes, this is the problem i
> have been struggling with.

Hmmm, do your have the SSL session timeout in Apache set to 600 seconds?
It would indicate, that there's a problem with session renegotiation and
client certificates. Usually this should work.

Check the SSL session timeout to see, whether your 10 minutes could come
from the (and choose another value to verify, that the 10 minutes change

If this is true, I would first update to a recent version of Apache and
OpenSSL in order to rule out bugs there.

Another possibility could be a browser bug. Does it happen for varous
browsers, like MSIE and Firefox?



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message