On 20/12/2018 04:28, Christopher Schultz wrote:
> James,
>
> On 12/19/18 20:18, James H. H. Lampert wrote:
>> I just had a crazy thought, in connection with a situation in
>> which we're trying to figure out a way to limit web service
>> connections to authorized consumers.
>
>> Here's the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
James,
On 12/19/18 20:18, James H. H. Lampert wrote:
> I just had a crazy thought, in connection with a situation in
> which we're trying to figure out a way to limit web service
> connections to authorized consumers.
>
> Here's the situation: we
On 2 September 2014 18:00, Christopher Schultz ch...@christopherschultz.net
wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Javier,
On 8/28/14, 3:14 PM, Javier Conti wrote:
On 28 August 2014 13:50, Konstantin Kolinko
knst.koli...@gmail.com wrote:
2014-08-28 14:46 GMT+04:00
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Javier,
On 8/28/14, 3:14 PM, Javier Conti wrote:
On 28 August 2014 13:50, Konstantin Kolinko
knst.koli...@gmail.com wrote:
2014-08-28 14:46 GMT+04:00 Javier Conti
javier.co...@gmail.com:
Hi all,
in a Tomcat 7.0.53 container we are running
2014-08-28 14:46 GMT+04:00 Javier Conti javier.co...@gmail.com:
Hi all,
in a Tomcat 7.0.53 container we are running an application which needs to
use client certificates to connect to other webservices.
This is currently done by configuring a keystore containing keys,
certificates and CAs
On 28 August 2014 13:50, Konstantin Kolinko knst.koli...@gmail.com wrote:
2014-08-28 14:46 GMT+04:00 Javier Conti javier.co...@gmail.com:
Hi all,
in a Tomcat 7.0.53 container we are running an application which needs to
use client certificates to connect to other webservices.
This is
I've registered a bug on that, with all needed files to reproduce.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48933
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail:
Are you keeping an SSL connection for a long time? Or, do you mean that
if you wait for slightly longer than 1 minute after the last SSL request
to make another one, the client certificate does not get delivered to
Tomcat?
The latter one :)
1) go to https://localhost:8443/ssltest, it will
2010/2/25 Albert Tumanov altum...@gmail.com:
There is a concept of SSL session (Resumed TLS handshake),
I think that will not work anymore, because of CVE-2009-3555
See
http://tomcat.apache.org/security-6.html
Best regards,
Konstantin Kolinko
Hi, Albert.
I do not know how to help you, but you can help me with SSL + Tomcat.
I saw You made an two-sided SSL with default tomcat connector, and I'd like
to ask you about this:
What steps have you done to make it work?
If you can, please help.
Thanks..
On Mon, Feb 22, 2010 at 2:16 PM, Albert
On 23/02/2010 09:31, Andrey D wrote:
Hi, Albert.
I do not know how to help you, but you can help me with SSL + Tomcat.
I saw You made an two-sided SSL with default tomcat connector, and I'd like
to ask you about this:
What steps have you done to make it work?
If you can, please help.
Please
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Albert,
On 2/22/2010 7:16 AM, Albert Tumanov wrote:
I'm chasing a strange problem with Tomcat + SSL + APR + Firefox.
Namely, the setup works perfectly (i.e. the client certificate is sent
and the servlet application can get it).
But if I allow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 11:51 AM, Rainer Jung wrote:
On 20.11.2009 17:20, Christopher Schultz wrote:
If you continue reading, you can see that mod_jk sends at least part of
the first certificate. I seem to recall that mod_jk in debug mode only
logs
On 20.11.2009 18:08, Christopher Schultz wrote:
Rainer,
On 11/20/2009 11:51 AM, Rainer Jung wrote:
On 20.11.2009 17:20, Christopher Schultz wrote:
If you continue reading, you can see that mod_jk sends at least part of
the first certificate. I seem to recall that mod_jk in debug mode only
SSLEngine On
SSLCertificateFile ...
SSLCertificateKeyFile ...
SSLOptions +ExportCertData
JkOptions +ForwardSSLCertChain
JkMount /cschultz-chadis/*.jsp worker21
JkLogLevel debug
# chain.crt contains all 3 certificates
The following line from you mod_jk log really shows what is being
forwarded as an attribute to Tomcat. This is logged after retrieving the
data from Apache but before sending it over the wire. At least we know
we got the data from Apache and because it is three and not four certs
it is likely,
On 20.11.2009 17:20, Christopher Schultz wrote:
I'm having trouble getting a client certificate chain sent to Tomcat via
mod_jk. Apache httpd 2.2.9, mod_jk 1.2.28, Tomcat 5.5.27.
Off by one?
https://issues.apache.org/bugzilla/show_bug.cgi?id=39637
indicates you'll need 5.5.28 ...
HTH!
On 20.11.2009 18:44, Rainer Jung wrote:
SSLEngine On
SSLCertificateFile ...
SSLCertificateKeyFile ...
SSLOptions +ExportCertData
JkOptions +ForwardSSLCertChain
JkMount /cschultz-chadis/*.jsp worker21
JkLogLevel debug
#
Since certs are public anyhow (not keys), here's the decoding done by
openssl -x509 -in ... -text:
On 20.11.2009 18:49, Rainer Jung wrote:
The following line from you mod_jk log really shows what is being
forwarded as an attribute to Tomcat. This is logged after retrieving the
data from Apache
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 12:39 PM, Rainer Jung wrote:
On 20.11.2009 18:08, Christopher Schultz wrote:
Rainer,
On 11/20/2009 11:51 AM, Rainer Jung wrote:
On 20.11.2009 17:20, Christopher Schultz wrote:
If you continue reading, you can see that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 1:51 PM, Rainer Jung wrote:
OpenSSL Code looks like only returning the chain provided by the client,
and the client should not provide the root.
Ok.
At the moment I see no way of getting the root CA which verified the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 1:09 PM, Rainer Jung wrote:
On 20.11.2009 17:20, Christopher Schultz wrote:
I'm having trouble getting a client certificate chain sent to Tomcat via
mod_jk. Apache httpd 2.2.9, mod_jk 1.2.28, Tomcat 5.5.27.
Off by one?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 4:12 PM, Christopher Schultz wrote:
Rainer,
On 11/20/2009 1:09 PM, Rainer Jung wrote:
On 20.11.2009 17:20, Christopher Schultz wrote:
I'm having trouble getting a client certificate chain sent to Tomcat via
mod_jk. Apache
Christopher Schultz ch...@christopherschultz.net wrote in message
news:4b070643.1070...@christopherschultz.net...
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 1:09 PM, Rainer Jung wrote:
On 20.11.2009 17:20, Christopher Schultz wrote:
I'm having trouble getting a
[EMAIL PROTECTED] wrote:
The web.xml is configured in the following way to allow all
authenticated user to do stuff. (To my knwoledge the * means all
authenticated users, in my case users belonging to role1)
The * role does not mean all authenticated users. It means all users
with one or more
A trusted certificate is one signed by a CA. You might need to be
storing the entire certifcate chain?
Jack...
On 16/05/06, Srikanth Madarapu [EMAIL PROTECTED] wrote:
I am sorry forgot to mention the error message, the error I get is
java.rmi.RemoteException: ; nested exception is:
I am sorry forgot to mention the error message, the error I get is
java.rmi.RemoteException: ; nested exception is:
HTTP transport error: javax.xml.soap.SOAPException:
java.security.PrivilegedActionException: javax.xml.soap.SOAPException:
Message send failed:
10:30 PM
To: users@tomcat.apache.org
Subject: Re: Client Certificate Authentication Failure
Tomcat is getting the cert fine (otherwise you'd get a different reponse
message). The problem is that it can't find a user to go with the
certificate.
This means that you've got a problem with your
Tomcat is getting the cert fine (otherwise you'd get a different reponse
message). The problem is that it can't find a user to go with the
certificate.
This means that you've got a problem with your Realm configuration.
Unfortunately, out of the Realms that ship with Tomcat, only MemoryRealm
As a follow-up, the CAs are in the jre/.../cacerts store as well as
being in the .truststore
Rick
-Original Message-
From: Steinberger, Richard [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 03, 2005 12:06 PM
To: users@tomcat.apache.org
Subject: Client Certificate Authentication
30 matches
Mail list logo