Hi
I have followed all the instructions on this discussion, and i´m still
getting the error:
HTTP Status 400 - No client certificate chain in this request
Does the user cert that i´m using need to be trusted by cert of tomcat sever?
I´m using Apache Tomcat/5.5.15, on Win Xp Pro SP2
I have
Ok, I just submitted the bugs #38553 and #38555 for both issues. If
you need more information, please let me know via bugzilla.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Markus wrote:
Ok, I just submitted the bugs #38553 and #38555 for both issues. If
you need more information, please let me know via bugzilla.
5.5.x CLIENT-CERT shoudl work with all realms. 5.0.x - don't hold your
breath.
Mark
Mark:
Thank you for your link to the archive. It was my fault using the
UserDatabase realm
instead of the MemoryRealm. I'm, using tomcat 5.0.28 - is it still the
case in 5.5.x
that you MUST use the MemoryRealm for clientcert authentication?
Anyway, there is still an issue when trying to access a
Markus wrote:
Mark:
Thank you for your link to the archive. It was my fault using the
UserDatabase realm
instead of the MemoryRealm. I'm, using tomcat 5.0.28 - is it still the
case in 5.5.x
that you MUST use the MemoryRealm for clientcert authentication?
All realms should work with
Markus a écrit :
Ok, when I set clientAuth to want the Exception getting SSL Cert
goes away. (Wtf is this documented?).
Yes it is documented:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
Section 'Edit the Tomcat Configuration File'
But I still get the 403 - Access
denied error.
Ok, when I set clientAuth to want the Exception getting SSL Cert
goes away. (Wtf is this documented?). But I still get the 403 - Access
denied error.
Here is how I added the users certificate to my realm:
web.xml:
security-constraint
web-resource-collection
Setting clientAuth to true / false in the Connector configuration
works fine, but how do I configure client authenticaton on a
per-directory or even per-servlet basis?
This is my current configuration:
In server.xml:
Connector port=8443
maxThreads=150 minSpareThreads=25
: Wednesday, February 01, 2006 9:22 AM
To: Tomcat Users List
Subject: Re: Tomcat and client certificates
Setting clientAuth to true / false in the Connector configuration
works fine, but how do I configure client authenticaton on a
per-directory or even per-servlet basis?
This is my current configuration
Creating client certs is no problem, I already had client
authentication working on the Connector-Level.
Nick:
In other words: it is NOT possible in tomcat to have a webapp with
BOTH, a private part with ssl AND client authentication and a public
part with ssl but WITHOUT client authentication?
Hi
Yes, it is possible. From connector configuration doc:
clientAuth:
Set this value to true if you want Tomcat to require all SSL clients to
present a client Certificate in order to use this socket.
Set this value to want if you want Tomcat to request a client Certificate,
but not fail
Markus wrote:
Setting clientAuth to true / false in the Connector configuration
works fine, but how do I configure client authenticaton on a
per-directory or even per-servlet basis?
snip/
And here are the results I get:
https://domain/anypage : OK
https://domain/html/anypage : HTTP
Is it possible to run on the same container (instance of Tomcat) web
application that DO require certificates and other applications that do
NOT require certificates?
To define required client certificate authorization one needs to define
in SERVER.XML
Connector className=
From: Tom Bednarz [mailto:[EMAIL PROTECTED]
Subject: Tomcat and client certificates
If that is not possible, I need two servers, each running
an instance of Tomcat with different server.xml settings.
I haven't tried it, but I would think all you need is two sets of
Connector tags, not two
14 matches
Mail list logo
