Hi,

I have tried to get the client certificate information too, but with no success. I use 
Apache 1.3.19 with Tomcat 4.0.

I have been told that when using a connector with Apache & mod_ssl it is essential to 
specify "SSLOptions +StdEnvVars +ExportCertData". Otherwise mod_ssl will not produce 
the necessary environment variables for the connector.

When I use a connector to JRun, I use the code below to get the client information:
---------------------------------------------------------------------------------------------------
java.security.cert.X509Certificate certApache = null;
String certSubject = null, certIssuer = null, certSerialNumber = null;

// PEM-encoded client certificate as exported by mod_ssl (SSL_CLIENT_CERT), if present
String certData = request.getHeader("SSL_CLIENT_CERT");
if (certData != null) {
    java.io.ByteArrayInputStream inStream =
        new java.io.ByteArrayInputStream(certData.getBytes());
    try {
        java.security.cert.CertificateFactory cf =
            java.security.cert.CertificateFactory.getInstance("X.509");
        certApache = (java.security.cert.X509Certificate) cf.generateCertificate(inStream);
    } catch (java.security.cert.CertificateException e) {
        // header was present but did not contain a parseable X.509 certificate
        certApache = null;
    } finally {
        inStream.close();   // declared to throw java.io.IOException; let the caller handle it
    }
}

if (certApache != null) {
    certSubject      = certApache.getSubjectDN().getName();
    certIssuer       = certApache.getIssuerDN().getName();
    certSerialNumber = certApache.getSerialNumber().toString();
}
---------------------------------------------------------------------------------------------------

Unfortunately, it seems like the mod_webapp connector (warp) does not support the 
export of client certificate information. They have told me that Tomcat 4.0 can be 
accessed by using mod_jk (ajp13) as a connector. I have not got it working yet.

If someone makes it work, please let me (us) know....and how!!!

// Matias


----- Original Message ----- 
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, September 24, 2001 5:58 PM
Subject: Tomcat 4.0 & Apache with Client Certs


> Scenario
> 
> I have apache passing any calls to servlets through to Tomcat 4 via
> the mod_webapp connector.
> My Server certificate and my client certificates work fine to allow
> specific users onto the system.
> 
> Problem....Problem....Problem....Problem....Problem....
> 
> In Tomcat 3.2.3 it was possible using AJP13 to access Client
> Certificate information via
> request.getAttribute("javax.servlet.request.X509Certificate") from
> within my tomcat servlet. In Release 4.0 using the warp connector this
> doesn't appear to be the case. When I debug/view my request object for
> its attributes there are none present. No CIPHER_SUITE or
> X509Certificate.
> 
> Please can someone tell me how I should be accessing client
> certificate information from within Tomcat 4.0 via apache.
> 
> My System
> 
> Apache-ssl 1.3
> Tomcat 4.0
> mod_webapp.so
> Linux Redhat 7.1
> 
> Here is an extract of my httpd.conf
> 
> <VirtualHost www.xxxxxxxxxx.co.uk:443>
>         SSLEnable
>         SSLCertificateFile /usr/local/ssl/www.xxxxxxx.crt
>         SSLCertificateKeyFile /usr/local/ssl/www.xxxxxxx.key
>         SSLCACertificateFile /usr/local/ssl/xxxxxxx.pem
>         SSLVerifyClient 2
>         SSLVerifyDepth 10
>         SSLFakeBasicAuth
>         SSLExportClientCertificates
>         SSLCacheServerPort /usr/logs/gcache_port
>         SSLCacheServerPath ./bin/gcache
>         SSLSessionCacheTimeout 30
>         SSLRequiredCiphers RC4-MD5
>         SSLCacheServerPath ./bin/gcache
>         SSLCacheServerPort logs/gcache_port
>         SSLCacheServerRunDir /tmp
>         Serveradmin xxxxxx@xxxxxx
>         ServerName xxxxxxx
>         WebAppConnection warpConnection warp localhost:8008
>         WebAppDeploy testcert warpConnection /testcert/
> </VirtualHost>
> 
> and my server.xml to receive the warp connector
> 
>   <!-- Define an Apache-Connector Service -->
>   <Service name="Tomcat-Apache">
> 
>     <Connector className="org.apache.catalina.connector.warp.WarpConnector"
>      port="8008" minProcessors="5" maxProcessors="75"
>      enableLookups="true" scheme="https" secure="true"
>      acceptCount="10" debug="0"/>
> 
>     <!--
>      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
>      clientAuth="false" protocol="TLS"/>
>     -->
> 
>     <!-- Replace "localhost" with what your Apache "ServerName" is set
> to -->
>     <Engine className="org.apache.catalina.connector.warp.WarpEngine"
>      name="Apache" defaultHost="localhost" debug="0"
> appBase="webapps">
>         .........
> 
> Any help or advice greatly appreciated
> 
> Lee Lovell
> 
