Hi,

I'm trying to support mutually authenticated SSL connections to Tomcat using PEM-encoded X.509 certificates. I use APR as mentioned in http://tomcat.apache.org/tomcat-5.5-doc/apr.html. I have the mutual authentication working well for normal certificates. We use our own CAs. Our Tomcat setup is going to be used in conjunction with grid.

The problem came in when I tried using a proxy certificate [1] generated by MyProxy [4] for the client side. The Tomcat server contains the certificate of the CA, but does not contain the certificate of the user who issued/signed the proxy certificate. Hence the proxy certificate file also contains the public key of the user, as mentioned here [2]. The overall format of the certificate has the following structure [3]:

- PEM-encoded proxy certificate
- PEM-encoded private key
- PEM-encoded public certificate of the user (delegator), to help create the certificate chain on the server side

My question is whether APR+mod_ssl supports the above scenario of using a public key contained in the client proxy file as an intermediary certificate when building the trust path to the CA. If so, please provide me some pointers to follow.

Also, I'm curious to know whether there are any users who supported MyProxy-generated proxy certificates without using Globus security packages.

thanks,
Thilina

1. http://www.ietf.org/rfc/rfc3820.txt
2. http://gdp.globus.org/gt4-tutorial/multiplehtml/ch10s05.html#fig_sec_gsi_proxyvalidation
3. http://dev.globus.org/wiki/Security/ProxyFileFormat
4. http://grid.ncsa.uiuc.edu/myproxy/

--
Thilina Gunarathne - http://thilinag.blogspot.com
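
The three-part proxy file layout described in the message above, as an added Python example (not part of the original post, and not Globus, MyProxy or Tomcat code). It splits a proxy file into its PEM blocks, enforces the order "proxy certificate, private key, delegator certificate(s)", and returns only the certificates a client would present as its chain. The names `split_proxy_file`, `chain_to_present` and `SAMPLE` are hypothetical, and the sample blocks are constructed placeholders rather than real certificates or keys.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def split_proxy_file(text):
    """Return (proxy_cert_der, key_der, [delegator_der, ...]).

    Enforces the layout from the post: proxy certificate first,
    then its private key, then one or more delegator certificates.
    """
    blocks = [(label, base64.b64decode("".join(body.split()), validate=True))
              for label, body in PEM_RE.findall(text)]
    labels = [label for label, _ in blocks]
    if len(blocks) < 3:
        raise ValueError("expected proxy cert, private key and delegator cert")
    if labels[0] != "CERTIFICATE":
        raise ValueError("first block must be the proxy certificate")
    if not labels[1].endswith("PRIVATE KEY"):
        raise ValueError("second block must be the private key")
    if any(label != "CERTIFICATE" for label in labels[2:]):
        raise ValueError("only certificates may follow the private key")
    for _, der in blocks:
        if not der.startswith(b"\x30"):  # each block must be a DER SEQUENCE
            raise ValueError("block is not DER-encoded")
    return blocks[0][1], blocks[1][1], [der for _, der in blocks[2:]]

def chain_to_present(text):
    """PEM chain for the TLS handshake: proxy cert, then delegator cert(s).

    The private key is deliberately left out of the returned text.
    """
    proxy, _key, chain = split_proxy_file(text)
    return "".join(_pem("CERTIFICATE", der) for der in [proxy] + chain)

def _pem(label, der):
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{lines}\n-----END {label}-----\n"

# Constructed placeholder DER (tiny SEQUENCEs, not real certificates or keys).
SAMPLE = (_pem("CERTIFICATE", b"\x30\x03\x02\x01\x01")
          + _pem("RSA PRIVATE KEY", b"\x30\x03\x02\x01\x02")
          + _pem("CERTIFICATE", b"\x30\x03\x02\x01\x03"))
```

Whether the server then accepts the proxy certificate depends on its verifier understanding RFC 3820 proxy certificates; this code only checks the file layout and does no signature or path validation.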