RE: How to retrieve OCSP Information at server side(In Servlet) Tomact ver 7.0.40/Centos

[Martin Gainty]

  


 Date: Tue, 3 Sep 2013 13:15:47 +0530
 Subject: How to retrieve OCSP Information at server side(In Servlet) Tomact 
 ver 7.0.40/Centos
 From: sushil.pru...@gmail.com
 To: users@tomcat.apache.org
 
 HI All
 
 I want to retrieve OCSP information at server side in servlet .
 So currently i am using
 X509Certificate certChain[] = (X509Certificate[])
 request.getAttribute(javax.servlet.request.X509Certificate);
MGassuming 'someone' was smart enough to place certificate name into 
javax.servlet.request.X509Certificate a-priori
 
 ans also i have configured below value at /conf/server.xml
 truststoreFile=/LocalDev/software/ssl/server/server.ks
 truststorePass=password
 and clientAuth=want
 Even though i am unable to retrieve value ,It's giving null.
 
 
 ANy idea is there any extra configuration i need to do at tomcat side?

MGdifference between accessing truststore and accessing keystore
http://stackoverflow.com/questions/318441/truststore-and-keystore-definitions   
  

Re: How to retrieve OCSP Information at server side(In Servlet) Tomact ver 7.0.40/Centos

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Sushil,

On 9/3/13 3:45 AM, Sushil Prusty wrote:
 HI All
 
 I want to retrieve OCSP information at  server side in servlet . So
 currently i am using X509Certificate certChain[] =
 (X509Certificate[]) 
 request.getAttribute(javax.servlet.request.X509Certificate);
 
 ans also i have configured below value at /conf/server.xml 
 truststoreFile=/LocalDev/software/ssl/server/server.ks 
 truststorePass=password and  clientAuth=want Even though i am
 unable to retrieve value ,It's giving null.
 
 
 ANy idea is there any extra configuration i need to do at tomcat
 side?

Aah, you didnt' say in your other thread that you were using SSL
client certificates. There's a big difference between using something
like a CAC card and just an SSL client cert (which presumably could be
stored on a card, but .. whatever).

So, let's get back to SSL: are you using tcnative, or are you using
JSSE? It will be obvious from the Connector configuration in your
server.xml file. Remember to remove any sensitive information (e.g.
passwords).

Thanks,
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSJltTAAoJEBzwKT+lPKRYMYUQALZ/iATbf5sFaLJDZ2bFi7ui
Y6/4jPsYUsKZitFDlqdd4Bp1Jb/GCrBIUjcWm95KdING4X+9ekx33gx9skHfQwZv
XSfqgUgQJXDkqTiUaanT3C1nN19OkDrFWgElY1/CZeB/mqpIYqKjJEOPuWupjfRD
KGpkulY/S+2F9p2gSvjbeueRFsUthQW25QPClgY3q5GwoHx3hSsxfQoIuBF/3yB/
gakvEIyapNR70YEfpy2fhE3orV53gke9+0vKcmX0a5pu3oDInFZ4JhrZCAcWfBBd
njMK2h6TK2ZSNmh4WqCXf7Q5pSeTUnJqxM9DsVxtk7hpWFvzgf82W0FnfGcbjJ/t
5twMuMlBnfnleT4JTbUlJ88fzp6hev6JtF3jxNBEYJkQ1jeWLopWZh0nARLu+I9l
aMXzOY3qwiec54FwylnLGUhfeqFXL5GqDryJH3GpJV3G18Pdr4Ddr8lEnnRceIgM
B1VablH2fTgNu39NjrUhOUnlVajo9KNtkhLhLX/hNNqbkE50wXeYaEvUo0g++mDd
Poer65ofujFWH3fD03rZt4Gb0ov31ic1v7LHRE3vsXAdNXDbIuHti3xfP0yt6GOC
YUmQUcReWeHTx2R9470eejDKJ5qavkH9EDj6cddWGP/E23sE905X6ezEKK0lPycr
GdS0MHoTJ6b1YAKtGTHX
=J0j+
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org