[EMAIL PROTECTED] wrote:
>
> hello stefan,
>
> I prefere having two answer than any, so thank you for you help but...
> when I try with tomcat 4.0-m5 to sniffe my https request, I obtain this
> Request attributes :
> Request attributes:
> filters.ExampleFilter.SERVLET_MAPPED =
> InvokerFilter(ApplicationFilterConfig[name=Servlet Mapped Filter,
> filterClass=filters.ExampleFilter])
> javax.servlet.request.key-size = 40
> filters.ExampleFilter.PATH_MAPPED =
> InvokerFilter(ApplicationFilterConfig[name=Path Mapped Filter,
> filterClass=filters.ExampleFilter])
> javax.servlet.request.cipher-suite = SSL_RSA_EXPORT_WITH_RC4_40_MD5
> ...
> Request Is Secure: true
>
>
> Obviously when I try to extract the javax.servlet.request.X509Certificate
> object with this command :
> (java.security.cert.X509Certificate)request.getAttribute(
> "javax.servlet.request.X509Certificate" ) I obtain an null object.
>
Have you configured the socket factory to require client authentication? If you
do not, there will be no client certificates to show you, even on an SSL
connection.
Change the "clientAuth" property in server.xml to "true" if you want this. Note
that, as a side effect, you will not be able to access this app unless you've
acquired and installed a client certificate in your browser.
>
> Any another idea ?
>
> Best regards
>
> Jérôme
>
Craig McClanahan
