Hey Jim,
I'm actually just using Standalone Tomcat with SSL. In any case, Mark introduced me to the s_client tool which proved very helpful in helping me solve my problem. It turned out that I couldn't see any client certs because I wasn't passing any client certs. So I checked my server.xml and sure enough "clientAuth=false". =/
Liam
Liam,
I may have just spent almost 2 WEEKS struggling with the problem that you're struggling with, I think.
Are you using Apache+mod_ssl+mod_jk/jk2+Tomcat, i.e., are you using Apache+ to front end your Tomcat?
If that's the case, then I believe (I never tried it because I went another route) that you need to make sure the Apache, mod_ssl, mod_jk/jk2 are all built with the "--EAPI" directive. I think this enables passing the SSL-related info to Tomcat.
Like I said, after struggling with the problem you're having, what I ended up doing was just running Standalone Tomcat with SSL (client and server), and it's been working fine. The only downside is that it appears that Tomcat SSL (JSSE) doesn't implement support for CRL checking, so you'll have to deal with that some other way.
I think that someone pointed to a possible source for binaries with the "--EAPI" but I never got to that because I switched to standalone Tomcat. For my situation, where we are having very low volume, a much easier configuration to deploy and manage... No flames PLEASE.
Jim
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
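The cause found in this thread was a server.xml with clientAuth set to false, so the server never asked for a client certificate. The following is an added example, not code from the thread or from the Tomcat or OpenSSL projects: a small check that reports the effective clientAuth mode of every SSL connector in a server.xml. The sample XML is constructed, the function names are hypothetical, and it assumes clientAuth sits either on the Connector or on a nested Factory element.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the thread).
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" />
    <Connector port="8443" scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false" protocol="TLS" />
    </Connector>
    <Connector port="9443" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS" />
    <Connector port="7443" scheme="https" secure="true" sslProtocol="TLS" />
    <Connector port="6443" scheme="https" secure="true"
               clientAuth="want" sslProtocol="TLS" />
  </Service>
</Server>
"""

def is_ssl(connector):
    """Treat a Connector as SSL if it is marked https, secure or SSLEnabled."""
    return (connector.get("scheme", "").lower() == "https"
            or connector.get("secure", "").lower() == "true"
            or connector.get("SSLEnabled", "").lower() == "true")

def client_auth_mode(connector):
    """Effective clientAuth value; an absent attribute is treated as 'false'."""
    value = connector.get("clientAuth")
    if value is None:
        # Older layouts put clientAuth on a nested <Factory> element.
        value = next((f.get("clientAuth") for f in connector.iter("Factory")
                      if f.get("clientAuth") is not None), None)
    return (value or "false").strip().lower()

def audit_client_auth(xml_text):
    """Map each SSL connector's port to its clientAuth mode."""
    root = ET.fromstring(xml_text)
    return {c.get("port"): client_auth_mode(c)
            for c in root.iter("Connector") if is_ssl(c)}

def connectors_not_requiring_cert(xml_text):
    """Ports where a handshake succeeds without a client certificate."""
    return sorted(p for p, m in audit_client_auth(xml_text).items() if m != "true")

if __name__ == "__main__":
    print(audit_client_auth(SAMPLE_SERVER_XML))
```

A connector reported as "false" never requests a client certificate, which is the symptom described in the thread; "want" requests one but still accepts connections without it.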