subject:"Re\\\: Mutual SSL client certificate validation\\\(Key Usage and Extended Key Usage\\\) in tomcat server"

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-04 Thread Mark Thomas


On 05/02/2018 02:14, Indunil Rathnayake wrote:

Hi,

On 2 February 2018 at 19:55, Christopher Schultz <
ch...@christopherschultz.net> wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 2/2/18 5:35 AM, Mark Thomas wrote:

On 02/02/18 04:06, Christopher Schultz wrote:




It seems reasonable for Tomcat to verify that any "critical"
key-use extensions are respected, and perhaps even some
non-critical ones.


I'd assume that JSSE / OpenSSl do this automatically. Is there any
evidence that they do not?


Sorry, I meant to say that Tomcat should probably perform those checks
if the underlying TLS handler is not already doing them, or instruct
the underlying handler to perform those checks if they are not already
being done and can be done during the handshake.



Thanks.. Appreciate if you can share some reference for how we can enable
this validation through a tomcat handler.


I'll repeat. Is there any evidence that this is not already being 
performed in JSSE / OpenSSL by default?


Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-04 Thread Indunil Rathnayake

Hi,

On 2 February 2018 at 19:55, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Mark,
>
> On 2/2/18 5:35 AM, Mark Thomas wrote:
> > On 02/02/18 04:06, Christopher Schultz wrote:
> >
> > 
> >
> >> It seems reasonable for Tomcat to verify that any "critical"
> >> key-use extensions are respected, and perhaps even some
> >> non-critical ones.
> >
> > I'd assume that JSSE / OpenSSl do this automatically. Is there any
> > evidence that they do not?
>
> Sorry, I meant to say that Tomcat should probably perform those checks
> if the underlying TLS handler is not already doing them, or instruct
> the underlying handler to perform those checks if they are not already
> being done and can be done during the handshake.
>

Thanks.. Appreciate if you can share some reference for how we can enable
this validation through a tomcat handler.


>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlp0dNodHGNocmlzQGNo
> cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFioMQ/8CjEoj/JLUblsMIOF
> m/tQ3UuuNz1s1vxfpHUWCI1BRIGmu4fGYnKmjaFuGn2iHVpt7lMjOreXkHNtkVdP
> g7oPbdihGkltIOrj4ayiZXNMH40fMRRHNqQEITKMR+u9f0smqzJB3A2YYcO9qvtH
> MDv/Vg1c2f5btWDfXj9FV5rwbtrMbJSFrwDg0mOTOEoZMjtr3FCxbT8XfMseGE85
> a7WCEljodU64ef5F0tbsj4KQqNFcVkkpI8YpGni1y9suDFyeN2JXeVJUJRK2f28A
> 55HIQvhVvWU3d+c2ZfQQJiY1XJ7Feg+54rczXXusfIxMd/zQxvptdMlzRjkss5Rg
> 7MzrpO3NDPmDadAeTw0pDAAhUzWVn/BlGlb7hioXkU/lJR/PzN03DbiVdC6HBquj
> 0f0rV53MhS28SmhU1GCLex1kyDqlRfcqpd0QD+Yyi/WgcnVR4lr60brdu8WquvuQ
> qT5jtT/tSZHImMGGGnVxE0Fg0wZaSdBf9tA9NqNAYUXsoMituRTeDQoL9DeIPs0F
> QDnURxtOTfkhmtq/wYeZSqzoPZGdSyfTT6quOugVeECrLkT7lZQHetGLIwlNVuRY
> gP17H521N46dysVe/Qec1o+7FTJsJ7eQ/nEtJVnCI8PPJBT3XITB+LDaHEc5XNSH
> BUB6HOt4pNpncpdWSO8o1HgDNfc=
> =EEgh
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 

*Indunil Rathnayake *

*Faculty of Information Technology*

*University of Moratuwa.*

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-02 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 2/2/18 5:35 AM, Mark Thomas wrote:
> On 02/02/18 04:06, Christopher Schultz wrote:
> 
> 
> 
>> It seems reasonable for Tomcat to verify that any "critical"
>> key-use extensions are respected, and perhaps even some
>> non-critical ones.
> 
> I'd assume that JSSE / OpenSSl do this automatically. Is there any 
> evidence that they do not?

Sorry, I meant to say that Tomcat should probably perform those checks
if the underlying TLS handler is not already doing them, or instruct
the underlying handler to perform those checks if they are not already
being done and can be done during the handshake.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlp0dNodHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFioMQ/8CjEoj/JLUblsMIOF
m/tQ3UuuNz1s1vxfpHUWCI1BRIGmu4fGYnKmjaFuGn2iHVpt7lMjOreXkHNtkVdP
g7oPbdihGkltIOrj4ayiZXNMH40fMRRHNqQEITKMR+u9f0smqzJB3A2YYcO9qvtH
MDv/Vg1c2f5btWDfXj9FV5rwbtrMbJSFrwDg0mOTOEoZMjtr3FCxbT8XfMseGE85
a7WCEljodU64ef5F0tbsj4KQqNFcVkkpI8YpGni1y9suDFyeN2JXeVJUJRK2f28A
55HIQvhVvWU3d+c2ZfQQJiY1XJ7Feg+54rczXXusfIxMd/zQxvptdMlzRjkss5Rg
7MzrpO3NDPmDadAeTw0pDAAhUzWVn/BlGlb7hioXkU/lJR/PzN03DbiVdC6HBquj
0f0rV53MhS28SmhU1GCLex1kyDqlRfcqpd0QD+Yyi/WgcnVR4lr60brdu8WquvuQ
qT5jtT/tSZHImMGGGnVxE0Fg0wZaSdBf9tA9NqNAYUXsoMituRTeDQoL9DeIPs0F
QDnURxtOTfkhmtq/wYeZSqzoPZGdSyfTT6quOugVeECrLkT7lZQHetGLIwlNVuRY
gP17H521N46dysVe/Qec1o+7FTJsJ7eQ/nEtJVnCI8PPJBT3XITB+LDaHEc5XNSH
BUB6HOt4pNpncpdWSO8o1HgDNfc=
=EEgh
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-02 Thread Indunil Rathnayake

Hi Chris,





On 2 February 2018 at 09:36, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Indunil,
>
> On 2/1/18 7:33 AM, Indunil Rathnayake wrote:
> > I have configured a tomcat connector for handling requests for a
> > particular servlet and have configured a trust store for the
> > connector. Anyone knows whether tomcat handles validation of "Key
> > Usage" and "Extended Key Usage" extensions in client certificates?
> > And how it's handled through tomcat(is it through the tomcat
> > connector)?
> >
> > Appreciate your help on this.
>
> Are you interested in making sure that Tomcat verifies that the
> certificate is e.g. allowed to be used for TLS client authentication?
>
> I'm fairly sure Tomcat does not currently verify any of the key-usage
> fields on a certificate. The assumption is that if a trusted CA
> doesn't think a key should be used for authentication, then the CA
> should not sign that certificate.
>
> But it's reasonable to imagine a scenario where a code-signing
> certificate signed by a CA could be "illegally" used as a TLS client
> certificate, and in that case, Tomcat would allow the handshake.
>
> It seems reasonable for Tomcat to verify that any "critical" key-use
> extensions are respected, and perhaps even some non-critical ones.
>
> Is this what you had in mind?
>

Thanks a lot for the information. I really appreciate it. Yes, I was
concerned whether tomcat is validate the key usage and extended key usage
extensions, for checking whether a particular certificate is served the
purpose it is intended to. Ex: in client authentication, certificate
without "clientAuth" extended key usage in extension shouldn't be taken as
a valid certificate from tomcat level.

As per your comment, seems like in tomcat level, those validations will not
be done.

Do you know what are the "key usage" or "extended key usage" extension
values should be required, in order to support client authentication?



>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlpz46oACgkQHPApP6U8
> pFiqiBAAmL6qk1g+TOSgsy9fvs7E540l8fuAk3jQ7l0z/uy9hOIUw6yYjvMorabG
> MWmc6VLRJ95y1ALbmW/olEGVZ4SHihdnmlJbkZ8AqiKBQtaz6fWKXcGdYymlnoE5
> jTye1XLBjk7lyhOWoP6bW315Bg+LI62gzUoFukphcmEQwE9CkpzVEJtpnfXpuCuf
> xJl0sh8oTKaU+Fsy4nW4HITSmuVHNEaoKseKCRSjDe1z4pc1NG9n5QN4Ij5TX53o
> JLIqv3c8dpyIO2+brIoc+KvXBNVBngaDsiDbJszGdhDICsIoz0andxHwzQRLoqtu
> 4I5eLpO/qbGNk10Kl/TRamnIUw+t79NsE+WeAbwX30zkEPkApb7rJ6M4g6haQPg5
> wSaka+FLy/zdlNVzBw6iiJla4UiLtzlVXYUlCCC/j/cs+aV0A2ilsUYZNUrLMB3F
> No77FxDt+bo6v8U2JqS4AU6N/5ktNVRfpwcDWQrNT1TTWFdOMzqxI1NVSm08hmwM
> FrBaO6dL6ZikaB2x1Xb3STyGKb3t03R/AqI/CQpxUus9a/0AHVMNM8ru+gnB8kJu
> TCkjE3+Tu3Uh+wLzR8bTkqpecFtLNV3Lf6I6k+FrbLb3XBWW7EBpTx3yeKbCij7X
> rHigCnOMO/Np3YE6Ttuepja0poEYdLo+yGbaKxZQubIjVfPMmjU=
> =e5q4
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 

*Indunil Rathnayake *

*Faculty of Information Technology*

*University of Moratuwa.*

Email : *indunil@gmail.com * | Skype: indu.upeksha
| Mobile : (+94)713695179  | Twitter @indunilUR |

LinkedIn: http://lk.linkedin.com/in/indunil

|  Facebook
: https://www.facebook.com/indunilrathnayake80

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-02 Thread Mark Thomas

On 02/02/18 04:06, Christopher Schultz wrote:



> It seems reasonable for Tomcat to verify that any "critical" key-use
> extensions are respected, and perhaps even some non-critical ones.

I'd assume that JSSE / OpenSSl do this automatically. Is there any
evidence that they do not?

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Indunil,

On 2/1/18 7:33 AM, Indunil Rathnayake wrote:
> I have configured a tomcat connector for handling requests for a
> particular servlet and have configured a trust store for the
> connector. Anyone knows whether tomcat handles validation of "Key
> Usage" and "Extended Key Usage" extensions in client certificates?
> And how it's handled through tomcat(is it through the tomcat
> connector)?
> 
> Appreciate your help on this.

Are you interested in making sure that Tomcat verifies that the
certificate is e.g. allowed to be used for TLS client authentication?

I'm fairly sure Tomcat does not currently verify any of the key-usage
fields on a certificate. The assumption is that if a trusted CA
doesn't think a key should be used for authentication, then the CA
should not sign that certificate.

But it's reasonable to imagine a scenario where a code-signing
certificate signed by a CA could be "illegally" used as a TLS client
certificate, and in that case, Tomcat would allow the handshake.

It seems reasonable for Tomcat to verify that any "critical" key-use
extensions are respected, and perhaps even some non-critical ones.

Is this what you had in mind?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlpz46oACgkQHPApP6U8
pFiqiBAAmL6qk1g+TOSgsy9fvs7E540l8fuAk3jQ7l0z/uy9hOIUw6yYjvMorabG
MWmc6VLRJ95y1ALbmW/olEGVZ4SHihdnmlJbkZ8AqiKBQtaz6fWKXcGdYymlnoE5
jTye1XLBjk7lyhOWoP6bW315Bg+LI62gzUoFukphcmEQwE9CkpzVEJtpnfXpuCuf
xJl0sh8oTKaU+Fsy4nW4HITSmuVHNEaoKseKCRSjDe1z4pc1NG9n5QN4Ij5TX53o
JLIqv3c8dpyIO2+brIoc+KvXBNVBngaDsiDbJszGdhDICsIoz0andxHwzQRLoqtu
4I5eLpO/qbGNk10Kl/TRamnIUw+t79NsE+WeAbwX30zkEPkApb7rJ6M4g6haQPg5
wSaka+FLy/zdlNVzBw6iiJla4UiLtzlVXYUlCCC/j/cs+aV0A2ilsUYZNUrLMB3F
No77FxDt+bo6v8U2JqS4AU6N/5ktNVRfpwcDWQrNT1TTWFdOMzqxI1NVSm08hmwM
FrBaO6dL6ZikaB2x1Xb3STyGKb3t03R/AqI/CQpxUus9a/0AHVMNM8ru+gnB8kJu
TCkjE3+Tu3Uh+wLzR8bTkqpecFtLNV3Lf6I6k+FrbLb3XBWW7EBpTx3yeKbCij7X
rHigCnOMO/Np3YE6Ttuepja0poEYdLo+yGbaKxZQubIjVfPMmjU=
=e5q4
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Indunil,

On 2/1/18 6:15 PM, Indunil Rathnayake wrote:
> Adding Chris

There's no need to specifically CC list members.

- -chris

> On 1 February 2018 at 18:03, Indunil Rathnayake
>  wrote:
> 
>> Hi,
>> 
>> I have configured a tomcat connector for handling requests for a 
>> particular servlet and have configured a trust store for the
>> connector. Anyone knows whether tomcat handles validation of "Key
>> Usage" and "Extended Key Usage" extensions in client
>> certificates? And how it's handled through tomcat(is it through
>> the tomcat connector)?
>> 
>> Appreciate your help on this.
>> 
>> Thanks and Regards
>> 
>> --
>> 
>> *Indunil Rathnayake *
>> 
>> *Faculty of Information Technology*
>> 
>> *University of Moratuwa.*
>> 
>> 
> 
> 
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlpz4EwACgkQHPApP6U8
pFjCcg/9HKMR3ZOqc8GnH94NBivjn7Vg9E3W47Wzk+RNT2i4NfZc4qTboghmDoW0
7obpHS475oQ6RRyWvXpbmF5LkVcMx1lNRXDo1t090x740bJ9mKyB9MpXJI49YoqZ
V3hH5Mu9ZsnX+2jU7xmU2d074PsVgl+YdOsn+uQm+yF+a7Gg7ChfLe1+MWe/bYog
GALkWQ5pGF34BDe4N4BAipjsBtrm6vvMf4ukmQAJsQ8A0QahAlVmv+N6/R8nyx7I
MM1kKpIlCf4yKkOafayS3oKrxIr0J6c58jCcfzr2+EmMQ+bHh+2V45/hqnLjyWYd
1VJy7EufCftU+ow6c4JtlBaiPGiEnNmaU66Giiw2fKgAevqAggQBjvUJsV6EADBv
QGj7qABDJzAn5bRHwSO4CXiqbtDpP3fLPPEnnlcZCGedSo4Gqa6akacfYenDEHNf
jxItoaSnJpqO4TdMWz0+5LO2Z73uDAYlaZi1uiCtyuGrQzr7bYsmSQ4bRsC01SQl
+44RF/1n2EC8/GWNK7Z9ucAQ0+3q5kxqyr+l58ifKNPlr2Or4z7J6Mk+PkQGTmM4
fx6usRzA613Qm5fFM6mXuxAOWIoFdzA8C55ImCk5r6m3uW4o6zEKH4IdTqjNd2xw
UV2uij1JZhm0xrVCXFBKSN6lHOlUTg/TjH9cxIldvE7NpbRmKY0=
=60ml
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Indunil Rathnayake

Adding Chris

On 1 February 2018 at 18:03, Indunil Rathnayake 
wrote:

> Hi,
>
> I have configured a tomcat connector for handling requests for a
> particular servlet and have configured a trust store for the connector.
> Anyone knows whether tomcat handles validation of "Key Usage" and "Extended
> Key Usage" extensions in client certificates? And how it's handled through
> tomcat(is it through the tomcat connector)?
>
> Appreciate your help on this.
>
> Thanks and Regards
>
> --
>
> *Indunil Rathnayake *
>
> *Faculty of Information Technology*
>
> *University of Moratuwa.*
>
>


-- 

*Indunil Rathnayake *

*Faculty of Information Technology*

*University of Moratuwa.*

Email : *indunil@gmail.com * | Skype: indu.upeksha
| Mobile : (+94)713695179  | Twitter @indunilUR |

LinkedIn: http://lk.linkedin.com/in/indunil

|  Facebook
: https://www.facebook.com/indunilrathnayake80

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Indunil Rathnayake

Hi Chris,

On 1 February 2018 at 20:25, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Indunil,
>
> On 2/1/18 7:29 AM, Indunil Rathnayake wrote:
> > I have configured a tomcat connector for handling requests for a
> > particular servlet and have configured a trust store for the
> > connector. Anyone knows whether tomcat handles validation of "Key
> > Usage" and "Extended Key Usage" extensions in client certificates?
> > And how it's handled through tomcat(is it through the tomcat
> > connector)?
> >
> > Appreciate your help on this.
>
> This is a question better-asked on the users' list. Cross-posting to
> move the discussion there.
>

Thanks. I have already sent a mail to the users' list as well. Please
check. Really appreciate your help on this.


>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlpzKnAdHGNocmlzQGNo
> cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFiHZhAAyUydZZQFgeFyfFjh
> Sy5kdz8T7vo8DDeyL3/63rmDGELdJHjiXeg5BIwfzkNawmZFky1esLHCKBSriO5Z
> 1VcZwvz5nkJaaMtEz77MDH+kLGtsQDeXhUE3riVK+iUZvciZIeUogv70uGdd5wDI
> buv/clfECgpE1A//LVWlp8jr67W0M8FWxhGC6Jy7UCjgRqkJgUDGynASt2qOxuUb
> k0Ih3F1yIK8gwg0enlk039P16PZrfsvZJzNv0OU6jmr11dkxrb4DiUiMAaoertSX
> cPHGefJ5VYpsKHA3qPSnSjYpzGWUJMat8Mpkj7QEcIMKpHjVXriGKLxNxdiz7rdm
> xBnZf5j5dxDRGDlNh25oY9tAup0WadjdefwMNRT+xKr5s3ohdS47BDWOAdQJZQkI
> lVPtfqlWyCqCRU/lJ0uOMPsbqfaLnISJ1u3uOozmujlviHp9GxOUqoAq7dZI52B9
> ZXjsmjK/nNMQMtlHUvWjZHvvYmbTyJLZtGbnLYoI+vx+VxXOe4CHH8EKucjQYifD
> NUzAoZ3dd0g4pCt0/3+VW26Keep4P+u4yZ7vvoOB4tum+DKbSJp557d8Raz59HZt
> YjQLiQtb1s4ppw6CtFfQaGd/8+oKuxhZevhImMUL1bkZnCB6qFZ9ziKnbVA1tgs4
> VNPK1KKa+WhopgCgPjSXGDiK3uw=
> =1J/l
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


-- 

*Indunil Rathnayake *

*Faculty of Information Technology*

*University of Moratuwa.*

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Indunil,

On 2/1/18 7:29 AM, Indunil Rathnayake wrote:
> I have configured a tomcat connector for handling requests for a
> particular servlet and have configured a trust store for the
> connector. Anyone knows whether tomcat handles validation of "Key
> Usage" and "Extended Key Usage" extensions in client certificates?
> And how it's handled through tomcat(is it through the tomcat
> connector)?
> 
> Appreciate your help on this.

This is a question better-asked on the users' list. Cross-posting to
move the discussion there.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlpzKnAdHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFiHZhAAyUydZZQFgeFyfFjh
Sy5kdz8T7vo8DDeyL3/63rmDGELdJHjiXeg5BIwfzkNawmZFky1esLHCKBSriO5Z
1VcZwvz5nkJaaMtEz77MDH+kLGtsQDeXhUE3riVK+iUZvciZIeUogv70uGdd5wDI
buv/clfECgpE1A//LVWlp8jr67W0M8FWxhGC6Jy7UCjgRqkJgUDGynASt2qOxuUb
k0Ih3F1yIK8gwg0enlk039P16PZrfsvZJzNv0OU6jmr11dkxrb4DiUiMAaoertSX
cPHGefJ5VYpsKHA3qPSnSjYpzGWUJMat8Mpkj7QEcIMKpHjVXriGKLxNxdiz7rdm
xBnZf5j5dxDRGDlNh25oY9tAup0WadjdefwMNRT+xKr5s3ohdS47BDWOAdQJZQkI
lVPtfqlWyCqCRU/lJ0uOMPsbqfaLnISJ1u3uOozmujlviHp9GxOUqoAq7dZI52B9
ZXjsmjK/nNMQMtlHUvWjZHvvYmbTyJLZtGbnLYoI+vx+VxXOe4CHH8EKucjQYifD
NUzAoZ3dd0g4pCt0/3+VW26Keep4P+u4yZ7vvoOB4tum+DKbSJp557d8Raz59HZt
YjQLiQtb1s4ppw6CtFfQaGd/8+oKuxhZevhImMUL1bkZnCB6qFZ9ziKnbVA1tgs4
VNPK1KKa+WhopgCgPjSXGDiK3uw=
=1J/l
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

10 matches

Site Navigation

Mail list logo

Footer information