Thanks Milt, however, we use Sun's JWS and can get the "client" certificate
by using:
javax.security.cert.X509Certificate certs[];
certs = javax.servlet.ServletRequest.getAttribute
("javax.net.ssl.peer_certificates");
The problem we have is that when we make the connection out from our servlet
to a https url, we can see no way to verify the certificate sent back from
the remote "server" side. Therefore we have no way to make a decision
whether to go ahead with the SSL connection or not ... the connection just
occurs and that's all.
Stan Kotlyar,
Software Engineer, Satcom P/L
-----Original Message-----
From: A mailing list for discussion about Sun Microsystem's Java Servlet
API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of Milt
Epstein
Sent: Thursday, 20 May 1999 14:22
To: [EMAIL PROTECTED]
Subject: Re: ssl connection from a servlet
On Thu, 20 May 1999, Stan Kotlyar wrote:
> Hi,
>
> We have a requirement to connect to an SSL server from within a
> servlet ... we have been able to do this with just with the URL
> class (and a https url), which works fine. The problem we have is
> that we see no way of assessing the secure site's X509 certificate
> (which is presumably used to set up the ssl connection). We would
> like to have the same functionality as web browsers in that we can
> reject connect attempts based on the remote site's cert. Any
> pointers would be greatly appreciated.
If I'm understanding your question right, I've heard that you can
access the certificate as a header on the request, you just need to
know what the header name is. "auth-cert" is one header name I've
seen mentioned. I've never tried it myself.
Milt Epstein
Research Programmer
Software/Systems Development Group
Computing and Communications Services Office (CCSO)
University of Illinois at Urbana-Champaign (UIUC)
[EMAIL PROTECTED]
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
