tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Client Authentication using SSL
Date Sat, 14 Jul 2012 02:29:59 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeffrey,

On 7/12/12 9:44 AM, Jeffrey Janner wrote:
> Is there anyone who's implemented true-client SSL auth over APR
> that would be willing to share hints/tips on how they handled
> certificate distributions, etc.?

I wasn't using APR -- though it shouldn't be too terrible to switch
from JSK configuration to openssl ; openssl is a *lot* more
straightforward IMO -- and I wasn't actually using CLIENT-AUTH, but I
did some playing-around a few years ago and posted a bunch to the list
about it. Here's on of the threads:
http://markmail.org/thread/vxwwli5nzt4itfr2

You could also look around the archives in the same general time
period (fall 2009) for other semi-related posts by me. I wasn't able
to find a post that said "Here's what I actually got working" though
I'm reasonably certain I actually did do that.

Finally, there is a (relatively) new <Realm> configuration attribute
that you might want to check out if you want to use CLIENT-CERT:
X509UsernameRetrieverClassName

http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlAA2acACgkQ9CaO5/Lv0PApAwCgrbYroL5Ywjh2MvBZ1qzcBCAS
wtMAni9T0f9K17xG3AN7IsdCxZZtPurr
=N6zS
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message