-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
All,
I'm having trouble getting a client certificate chain sent to Tomcat via
mod_jk. Apache httpd 2.2.9, mod_jk 1.2.28, Tomcat 5.5.27.
My httpd configuration looks like this:
SSLEngine On
SSLCertificateFile ...
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 11:51 AM, Rainer Jung wrote:
On 20.11.2009 17:20, Christopher Schultz wrote:
If you continue reading, you can see that mod_jk sends at least part of
the first certificate. I seem to recall that mod_jk in debug mode only
logs
On 20.11.2009 18:08, Christopher Schultz wrote:
Rainer,
On 11/20/2009 11:51 AM, Rainer Jung wrote:
On 20.11.2009 17:20, Christopher Schultz wrote:
If you continue reading, you can see that mod_jk sends at least part of
the first certificate. I seem to recall that mod_jk in debug mode only
SSLEngine On
SSLCertificateFile ...
SSLCertificateKeyFile ...
SSLOptions +ExportCertData
JkOptions +ForwardSSLCertChain
JkMount /cschultz-chadis/*.jsp worker21
JkLogLevel debug
# chain.crt contains all 3 certificates
The following line from your mod_jk log really shows what is being
forwarded as an attribute to Tomcat. This is logged after retrieving the
data from Apache but before sending it over the wire. At least we know
we got the data from Apache and because it is three and not four certs
it is likely,
On 20.11.2009 17:20, Christopher Schultz wrote:
I'm having trouble getting a client certificate chain sent to Tomcat via
mod_jk. Apache httpd 2.2.9, mod_jk 1.2.28, Tomcat 5.5.27.
Off by one?
https://issues.apache.org/bugzilla/show_bug.cgi?id=39637
indicates you'll need 5.5.28 ...
HTH!
On 20.11.2009 18:44, Rainer Jung wrote:
SSLEngine On
SSLCertificateFile ...
SSLCertificateKeyFile ...
SSLOptions +ExportCertData
JkOptions +ForwardSSLCertChain
JkMount /cschultz-chadis/*.jsp worker21
JkLogLevel debug
#
Since certs are public anyhow (not keys), here's the decoding done by
openssl -x509 -in ... -text:
On 20.11.2009 18:49, Rainer Jung wrote:
The following line from your mod_jk log really shows what is being
forwarded as an attribute to Tomcat. This is logged after retrieving the
data from Apache
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 12:39 PM, Rainer Jung wrote:
On 20.11.2009 18:08, Christopher Schultz wrote:
Rainer,
On 11/20/2009 11:51 AM, Rainer Jung wrote:
On 20.11.2009 17:20, Christopher Schultz wrote:
If you continue reading, you can see that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 1:51 PM, Rainer Jung wrote:
OpenSSL Code looks like only returning the chain provided by the client,
and the client should not provide the root.
Ok.
At the moment I see no way of getting the root CA which verified the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 1:09 PM, Rainer Jung wrote:
On 20.11.2009 17:20, Christopher Schultz wrote:
I'm having trouble getting a client certificate chain sent to Tomcat via
mod_jk. Apache httpd 2.2.9, mod_jk 1.2.28, Tomcat 5.5.27.
Off by one?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 4:12 PM, Christopher Schultz wrote:
Rainer,
On 11/20/2009 1:09 PM, Rainer Jung wrote:
On 20.11.2009 17:20, Christopher Schultz wrote:
I'm having trouble getting a client certificate chain sent to Tomcat via
mod_jk. Apache
Christopher Schultz ch...@christopherschultz.net wrote in message
news:4b070643.1070...@christopherschultz.net...
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 1:09 PM, Rainer Jung wrote:
On 20.11.2009 17:20, Christopher Schultz wrote:
I'm having trouble getting a