On 23/06/10 23:04, ian loyola wrote:
Dear colleagues,
I'm running IIS version 6 and Apache Tomcat 6.x on a Windows 2003 enterprise
server. I had to renew SSL certificates for both the IIS and Tomcat web server.
I was told to raise a CSR from the IIS server and create a certificate. The
Hi,
[EMAIL PROTECTED] wrote:
I am trying to configure SSL on a tomcat 6.0.13. I began by creating a default
keystore (using keytool) in the user's directory where the apache tomcat server
is installed. From this keystore I generated a server cert request. Once I
received the server cert, I
Hi,
Rafael Rossetto wrote:
I'm using the JkOptions +ForwardSSLCertChain in httpd.conf. In
ssl.conf I also use the SSLVerifyClient require(tried optional and
optional_no_ca), so the client certificate validation in Apache seems
all right to me. And the SSLOptions is SSLOptions +StdEnvVars
Bill Barker wrote:
You haven't missed anything. Tomcat simply doesn't try to authenticate a
user if authentication isn't required. Simplest and most portable is to
create a Filter that is configured as the first filter, and takes an
auth-method init param to tell it what to use, and
Hello,
Peter Crowther wrote:
From: Vigorito, Nicholas E. [mailto:[EMAIL PROTECTED]
A coworker claims that all unix admins should never install
open source binaries. They should build using the source.
Binaries are marginally more open to tampering; this is why most (all?)
Apache projects
Hello,
I would like to be able to require authentication optionally and make my
servlets or JSPs behave differently depending on which Principals they get.
For example, I'd like a GET to be able to return a 200 status and not
401, even if the user has not been authenticated.
Presumably, this