Hi all,
I am using Apache 1.3.27, Tomcat 4.1.24 and mod_jk. Normal connections seem to work
well over HTTP and HTTPS, but I want to get the client X509 certificate from Apache. I
have read the documentation that comes with the connector package and applied the
suggestions.
I also have a test servlet (distributed on this mailing list a while ago) that tries
to read the X509, cipher suite and key size. The test servlet correctly obtains the
cipher suite and key size but cannot obtain the client certificate. Catalina.out shows
the following error:
Starting service Tomcat-Standalone
Apache Tomcat/4.1.24
[INFO] Http11Protocol - -Starting Coyote HTTP/1.1 on port 8080
[INFO] ChannelSocket - -JK2: ajp13 listening on 0.0.0.0/0.0.0.0:8009
[INFO] JkMain - -Jk running ID=0 time=1/131 config=/usr/local/apache.org/jakarta/tomcat/jakarta-tomcat-4.1.24/conf/jk2.properties
java.security.cert.CertificateException: Unable to initialize, java.io.IOException: insufficient data
    at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:147)
    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:84)
    at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:281)
    at org.apache.jk.server.JkCoyoteHandler.action(JkCoyoteHandler.java:395)
    at org.apache.coyote.Response.action(Response.java:222)
    at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:310)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
    at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261)
    at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360)
    at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:604)
    at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:562)
    at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:679)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
    at java.lang.Thread.run(Thread.java:479)
[ERROR] JkCoyoteHandler - -Certificate convertion failed <java.security.cert.CertificateException: Unable to initialize, java.io.IOException: insufficient data>
I haven't changed anything in the default server.xml file for Tomcat 4.1.24 - should I?
I am using virtual hosts in my httpd.conf.
Outside virtual hosts I have:
...
JkWorkersFile /usr/local/apache/conf/workers.properties
JkLogFile /usr/local/apache/logs/mod_jk.log
JkLogLevel debug
JkExtractSSL On
JkOptions +ForwardKeySize +ForwardURICompat +ForwardDirectories
...
Inside my virtual host declaration I have:
...
SSLOptions +StdEnvVars +ExportCertData
JkOptions +ForwardKeySize +ForwardURICompat +ForwardDirectories
JkMount /examples/* ajp13
JkExtractSSL On
...
I am unsure if I also need the declaration:
JkEnvVar SSL_CLIENT_CERT "<UNSET>"
Here is my workers.properties file in case that is useful:
# Define 1 real worker using ajp13
worker.list=ajp13
# Set properties for worker1 (ajp13)
worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009
Thanks in advance.
Darren.
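
A test servlet of the kind the message above describes, as an added example (it is not the servlet distributed on the mailing list and not part of the original post). It reports the three SSL request attributes defined by the Servlet specification and separates a missing certificate attribute from an empty or wrongly typed one; the class name SslAttributeDump is an assumption.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added diagnostic servlet; the class name is an assumption, not from the post.
public class SslAttributeDump extends HttpServlet {
    // Request attribute names defined by the Servlet specification.
    static final String CERTS = "javax.servlet.request.X509Certificate";
    static final String CIPHER = "javax.servlet.request.cipher_suite";
    static final String KEYSIZE = "javax.servlet.request.key_size";

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("secure      : " + req.isSecure());
        out.println("cipher suite: " + req.getAttribute(CIPHER));
        out.println("key size    : " + req.getAttribute(KEYSIZE));
        out.print(describeChain(req.getAttribute(CERTS)));
    }

    // Separate "no certificate attribute" from "attribute present but unusable".
    static String describeChain(Object attr) {
        if (attr == null) {
            return "client cert : attribute not set on this request\n";
        }
        if (!(attr instanceof X509Certificate[])) {
            return "client cert : unexpected type " + attr.getClass().getName() + "\n";
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        if (chain.length == 0) {
            return "client cert : attribute set, but the chain is empty\n";
        }
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < chain.length; i++) {
            X509Certificate c = chain[i];
            sb.append("client cert[").append(i).append("]\n");
            sb.append("  subject   : ").append(c.getSubjectDN()).append('\n');
            sb.append("  issuer    : ").append(c.getIssuerDN()).append('\n');
            sb.append("  serial    : ").append(c.getSerialNumber().toString(16)).append('\n');
            sb.append("  not after : ").append(c.getNotAfter()).append('\n');
        }
        return sb.toString();
    }
}
```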