It's a well-known bug in TC 4.1.18-4.1.24. See http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15790 for more details. The 4.1.26 release should be coming out later this month with a fix for this.
"Darren Marvin" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] .ac.uk...

Hi all,

I am using Apache 1.3.27, Tomcat 4.1.24 and mod_jk. Normal connection seems to work well over HTTP and HTTPS but I want to get the client X509 certificate from Apache. I have read the documentation that comes with the connector package and applied the suggestions. I also have a test servlet (distributed on this mailing list a while ago) that tries to read the X509, cipher suite and key size. The test servlet correctly obtains the cipher suite and key size but cannot obtain the client certificate.

Catalina.out shows the following error:

Starting service Tomcat-Standalone
Apache Tomcat/4.1.24
[INFO] Http11Protocol - -Starting Coyote HTTP/1.1 on port 8080
[INFO] ChannelSocket - -JK2: ajp13 listening on 0.0.0.0/0.0.0.0:8009
[INFO] JkMain - -Jk running ID=0 time=1/131 config=/usr/local/apache.org/jakarta/tomcat/jakarta-tomcat-4.1.24/conf/jk2.properties
java.security.cert.CertificateException: Unable to initialize, java.io.IOException: insufficient data
    at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:147)
    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:84)
    at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:281)
    at org.apache.jk.server.JkCoyoteHandler.action(JkCoyoteHandler.java:395)
    at org.apache.coyote.Response.action(Response.java:222)
    at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:310)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
    at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261)
    at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360)
    at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:604)
    at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:562)
    at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:679)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
    at java.lang.Thread.run(Thread.java:479)
[ERROR] JkCoyoteHandler - -Certificate convertion failed <java.security.cert.CertificateException: Unable to initialize, java.io.IOException: insufficient data>

I haven't changed anything in the default server.xml file for tomcat 4.1.24 - should I?

I am using virtual hosts in my httpd.conf. Outside virtual hosts I have:

...
JkWorkersFile /usr/local/apache/conf/workers.properties
JkLogFile /usr/local/apache/logs/mod_jk.log
JkLogLevel debug
JkExtractSSL On
JkOptions +ForwardKeySize +ForwardURICompat +ForwardDirectories
...

Inside my virtual host declaration I have:

...
SSLOptions +StdEnvVars +ExportCertData
JkOptions +ForwardKeySize +ForwardURICompat +ForwardDirectories
JkMount /examples/* ajp13
JkExtractSSL On
...

I am unsure if I also need the declaration:

JkEnvVar SSL_CLIENT_CERT "<UNSET>"

Here is my workers.properties file in case that is useful:

# Define 1 real worker using ajp13
worker.list=ajp13
# Set properties for worker1 (ajp13)
worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009

Thanks in advance.

Darren.
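
A diagnostic servlet of the kind the post describes, written here as an added example; it is not the test servlet distributed on the list. The class name ClientCertCheckServlet is hypothetical, and it assumes the container populates the standard Servlet-specification SSL request attributes. It fails closed when the connector forwards no certificate, which is the state this setup ends up in.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example; ClientCertCheckServlet is a hypothetical name.
public class ClientCertCheckServlet extends HttpServlet {

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // SSL attributes defined by the Servlet specification.
        String cipher = (String) req.getAttribute("javax.servlet.request.cipher_suite");
        Integer keySize = (Integer) req.getAttribute("javax.servlet.request.key_size");
        X509Certificate[] chain = (X509Certificate[])
                req.getAttribute("javax.servlet.request.X509Certificate");

        // Cipher suite and key size can be present while the certificate is
        // missing (the symptom in the post). Never treat that as authenticated.
        if (chain == null || chain.length == 0) {
            log("No client certificate forwarded; cipher=" + cipher
                    + " keySize=" + keySize);
            resp.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate required");
            return;
        }

        // The first element is the certificate presented by the client.
        X509Certificate client = chain[0];
        try {
            client.checkValidity(); // rejects expired or not-yet-valid certs
        } catch (CertificateException e) {
            log("Client certificate outside validity period: " + e.getMessage());
            resp.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate not valid");
            return;
        }

        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("cipher_suite: " + cipher);
        out.println("key_size:     " + keySize);
        out.println("subject:      " + client.getSubjectX500Principal().getName());
        out.println("issuer:       " + client.getIssuerX500Principal().getName());
        out.println("not_after:    " + client.getNotAfter());
    }
}
```

The validity-period check here is only a sanity check; chain verification against trusted CAs is assumed to be done by the front-end web server that terminates SSL.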
