On Fri, Mar 13, 2015 at 7:38 PM, Marc Boorshtein <[email protected]> wrote:
> That will validate the certificate. But I need to be able to get the
> certificate from inside of an interceptor. Is there any way I can get it
> from the LdapSession?
>
here you have access to the certificate and this is the only place where you
have a chance to see it, and if you want to store it for any other purpose
then you need to extend server, cause certs are useless after establishing a
secure channel.

> On Mar 13, 2015 3:58 AM, "Kiran Ayyagari" <[email protected]> wrote:
>
>> On Fri, Mar 13, 2015 at 1:09 PM, Marc Boorshtein <[email protected]> wrote:
>>
>>> Correct.
>>> On Mar 12, 2015 8:24 PM, "Kiran Ayyagari" <[email protected]> wrote:
>>>
>>>> On Fri, Mar 13, 2015 at 4:48 AM, Marc Boorshtein <[email protected]> wrote:
>>>>
>>>>> I'm using ApacheDS as the LDAP front end for MyVD. It's been working
>>>>> great for months. Here's my question, where can I get a client
>>>>> certificate from? (in instances where ssl client authentication is
>>>>> being used for SSL connections).
>>>>>
>>>> so to be clear you are trying to verify the certificate of the client
>>>> that is connecting to ApacheDS, correct?
>>>>
>> currently this is not supported by the server, it just accepts all
>> certificates of all clients.
>>
>> This can be supported easily by allowing admins to configure either
>> 1. a custom TrustManager or
>> 2. a truststore file.
>> 3. or both
>> I personally prefer 1 cause that will allow for a custom cert verifier
>> and can avoid the overhead of loading client certs into a file
>>
>> Can you raise a feature request in JIRA?
>>
>>>>> Thanks
>>>>> Marc
>>>>>
>>>> --
>>>> Kiran Ayyagari
>>>> http://keydap.com
>>
>> --
>> Kiran Ayyagari
>> http://keydap.com
>
--
Kiran Ayyagari
http://keydap.com
