Scenario

I have Apache passing any calls to servlets through to Tomcat 4 via
the mod_webapp connector.
My Server certificate and my client certificates work fine to allow
specific users onto the system.

Problem

In Tomcat 3.2.3 it was possible using AJP13 to access Client
Certificate information via
request.getAttribute("javax.servlet.request.X509Certificate") from
within my Tomcat servlet. In Release 4.0 using the warp connector this
doesn't appear to be the case. When I debug/view my request object for
its attributes there are none present. No CIPHER_SUITE or
X509Certificate.

Please can someone tell me how I should be accessing client
certificate information from within Tomcat 4.0 via Apache.

My System

Apache-ssl 1.3
Tomcat 4.0
mod_webapp.so
Linux Redhat 7.1

Here is an extract of my httpd.conf

<VirtualHost www.xxxxxxxxxx.co.uk:443>
        SSLEnable
        SSLCertificateFile /usr/local/ssl/www.xxxxxxx.crt
        SSLCertificateKeyFile /usr/local/ssl/www.xxxxxxx.key
        SSLCACertificateFile /usr/local/ssl/xxxxxxx.pem
        SSLVerifyClient 2
        SSLVerifyDepth 10
        SSLFakeBasicAuth
        SSLExportClientCertificates
        SSLCacheServerPort /usr/logs/gcache_port
        SSLCacheServerPath ./bin/gcache
        SSLSessionCacheTimeout 30
        SSLRequiredCiphers RC4-MD5
        SSLCacheServerPath ./bin/gcache
        SSLCacheServerPort logs/gcache_port
        SSLCacheServerRunDir /tmp
        Serveradmin xxxxxx@xxxxxx
        ServerName xxxxxxx
        WebAppConnection warpConnection warp localhost:8008
        WebAppDeploy testcert warpConnection /testcert/
</VirtualHost>

and my server.xml to receive the warp connector

  <!-- Define an Apache-Connector Service -->
  <Service name="Tomcat-Apache">

    <Connector className="org.apache.catalina.connector.warp.WarpConnector"
     port="8008" minProcessors="5" maxProcessors="75"
     enableLookups="true" scheme="https" secure="true"
     acceptCount="10" debug="0">
    </Connector>

    <!--
     <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
     clientAuth="false" protocol="TLS"/>
    -->

    <!-- Replace "localhost" with what your Apache "ServerName" is set to -->
    <Engine className="org.apache.catalina.connector.warp.WarpEngine"
     name="Apache" defaultHost="localhost" debug="0" appBase="webapps">
        .........

Any help or advice greatly appreciated

Lee Lovell
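
The attribute check described in the post, written as a diagnostic servlet that fails closed when the connector forwards no certificate. This is an added example, not code from the original message; the class name, the 403 response and the logged attribute listing are assumptions, and the attribute names are the ones defined by the Servlet specification.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical diagnostic servlet (name is an assumption, not from the post).
public class ClientCertCheckServlet extends HttpServlet {
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    static final String CIPHER_ATTR = "javax.servlet.request.cipher_suite";

    // Returns the client chain, or null when the connector supplied none.
    static X509Certificate[] clientChain(HttpServletRequest req) {
        Object attr = req.getAttribute(CERT_ATTR);
        if (attr instanceof X509Certificate[]
                && ((X509Certificate[]) attr).length > 0) {
            return (X509Certificate[]) attr;
        }
        return null;
    }

    // Lists whatever attributes the connector did set, for the server log.
    static String attributeNames(HttpServletRequest req) {
        StringBuilder sb = new StringBuilder();
        for (Enumeration<?> e = req.getAttributeNames(); e.hasMoreElements();) {
            sb.append(e.nextElement()).append(' ');
        }
        return sb.toString().trim();
    }

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        X509Certificate[] chain = clientChain(req);
        if (chain == null) {
            // Fail closed: the front end verified a certificate, but the
            // servlet cannot see it, so it must not treat the caller as known.
            log("no " + CERT_ATTR + "; attributes present: ["
                    + attributeNames(req) + "]");
            resp.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate required");
            return;
        }
        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        // chain[0] is the client's own certificate; issuers follow it.
        out.println("subject: " + chain[0].getSubjectX500Principal().getName());
        out.println("issuer:  " + chain[0].getIssuerX500Principal().getName());
        out.println("serial:  " + chain[0].getSerialNumber().toString(16));
        out.println("cipher:  " + req.getAttribute(CIPHER_ATTR));
    }
}
```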
