Hi all, I am trying to retrieve the client certificate from a servlet:

    Object ostrX509 = request.getAttribute("javax.servlet.request.X509Certificate");
    if (ostrX509 == null) {
    ....

is null!! but I can get the cipher suite:

    String cipherSuite = (String) request.getAttribute("javax.servlet.request.cipher_suite");
    ....

is RC4-MD5

The output file catalina.out shows the error "GRAVE: Certificate convertion failed".

*Output with security provider SUN:

GRAVE: Certificate convertion failed
java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): lengthTag=108, too big.
        at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:287)
        at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:94)
        at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:389)
        at org.apache.jk.server.JkCoyoteHandler.action(JkCoyoteHandler.java:395)
        at org.apache.coyote.Response.action(Response.java:222)
        at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:310)
        at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:632)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:590)
        at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:707)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:530)
        at java.lang.Thread.run(Thread.java:536)
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=108, too big.
        at sun.security.util.DerInputStream.getLength(DerInputStream.java:513)
        at sun.security.util.DerInputStream.getLength(DerInputStream.java:487)
        at sun.security.util.DerValue.<init>(DerValue.java:233)
        at sun.security.util.DerInputStream.getDerValue(DerInputStream.java:369)
        at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1568)
        at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:284)

*Output with security provider IAIK:

GRAVE: Certificate convertion failed
java.security.cert.CertificateException: iaik.asn1.CodingException: ASN1: NumericString does not support getComponentAt(int)!
        at iaik.x509.X509Certificate.b(Unknown Source)
        at iaik.x509.X509Certificate.decode(Unknown Source)
        at iaik.x509.X509Certificate.<init>(Unknown Source)
        at iaik.x509.CertificateFactory.engineGenerateCertificate(Unknown Source)
        at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:389)
        at org.apache.jk.server.JkCoyoteHandler.action(JkCoyoteHandler.java:395)
        at org.apache.coyote.Response.action(Response.java:222)
        at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:310)
        at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:632)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:590)
        at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:707)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:530)
        at java.lang.Thread.run(Thread.java:536)

My http configuration is:

<IfDefine SSL>
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<VirtualHost _default_:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/cert/shire.umu.euro6ix.org.pem
SSLCertificateKeyFile /usr/local/apache2/conf/cert/shire.umu.euro6ix.orgKey.der.p1
SSLCACertificateFile /usr/local/apache2/conf/cert/Euro6IX_Root_PKI_IV.pem
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData
....

What am I missing?
Any help greatly appreciated!

Félix
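
The SUN trace above fails in DerInputStream.getLength(), that is, while reading the outer ASN.1 length of the bytes handed to CertificateFactory. The following is an added illustration, not part of the original message and not Tomcat or JDK code: it inspects the outer tag and length of a candidate certificate blob using the DER length rules. The class and method names, the 4-octet limit and the reading of "lengthTag=108" as a long-form octet count are assumptions.

```java
import java.nio.charset.StandardCharsets;

// Added illustration, not Tomcat or JDK code. DerHeaderCheck and describe() are hypothetical names.
public class DerHeaderCheck {
    // Reports how the outer tag and length of a would-be certificate blob are encoded.
    static String describe(byte[] data) {
        if (data == null || data.length < 2) {
            return "too short to hold a DER tag and length";
        }
        String head = new String(data, 0, Math.min(data.length, 27), StandardCharsets.US_ASCII);
        if (head.equals("-----BEGIN CERTIFICATE-----")) {
            return "PEM armor (Base64 text), not raw DER";
        }
        int tag = data[0] & 0xff;
        if (tag != 0x30) {
            return String.format("first byte 0x%02x is not the SEQUENCE tag 0x30", tag);
        }
        int first = data[1] & 0xff;
        int count = 0;      // length octets that follow the first one
        long len = first;   // short form: the octet is the length itself
        if ((first & 0x80) != 0) {
            count = first & 0x7f;   // long form: low 7 bits = number of length octets
            if (count == 0) {
                return "indefinite length (BER, not DER)";
            }
            if (count > 4) {        // assumed limit, matching the "too big" wording in the trace
                return "lengthTag=" + count + ", too big";
            }
            if (data.length < 2 + count) {
                return "truncated length field";
            }
            len = 0;
            for (int i = 0; i < count; i++) {
                len = (len << 8) | (data[2 + i] & 0xff);
            }
        }
        long total = 2 + count + len;
        return total == data.length
                ? "DER SEQUENCE with " + len + " content bytes"
                : "DER SEQUENCE declares " + total + " bytes, buffer holds " + data.length;
    }

    public static void main(String[] args) {
        // Constructed samples, not data from the original message.
        byte[] pem = "-----BEGIN CERTIFICATE-----\nMIIB".getBytes(StandardCharsets.US_ASCII);
        byte[] bad = {0x30, (byte) 0xEC, 0x00, 0x00};   // 0xEC = 0x80 | 108
        byte[] der = {0x30, (byte) 0x82, 0x00, 0x02, 0x05, 0x00};
        for (byte[] sample : new byte[][] {pem, bad, der}) {
            System.out.println(describe(sample));
        }
    }
}
```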