Hello.
I would like to get some advise about a new application I am developing.
It needs SSL with client certificate and it will be written in java and
deployed in Tomcat 6 with java 6.
The server will be shared with other applications in java, php and
perhaps other.
Now, it is a ubuntu 6.06 server with an apache 2.0 instalation, a tomcat
6.0 and a mod_jk 1.2.14.
There are some applications writen in php and a java aplication. The
java application is served by apache using mod_jk. It uses SSL but it
doesn't need client certificate. SSL is only configured in Apache.
Tomcat 6 uses normal connections (8080, 8009) which are closed.
This works perfectly but my next application will need client auth using
a X509Certificate and I need a way to get it in my Servlets.
I have read some documentation in google and I have try it.
First, I configured a Virtual Host with Apache
---------------------------------------------------------
<VirtualHost *:443>
ServerAdmin [EMAIL PROTECTED]
ServerSignature On
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLVerifyClient optional_no_ca
JkExtractSSL On
JkMount /ovt ajp13_worker
JkMount /ovt/* ajp13_worker
</VirtualHost>
---------------------------------------------------------
Then, I made a Servlet to try it:
-----------------------------------------------------------
// Display the cipher suite in use
String cipherSuite = (String)
request.getAttribute("javax.net.ssl.cipher_suite");
out.println("Cipher Suite: " + cipherSuite);
// Display the client's certificates, if there are any
if (cipherSuite != null) {
X509Certificate certChain[] = (X509Certificate[])
request.getAttribute("javax.net.ssl.peer_certificates");
if (certChain != null) {
for (int i = 0; i < certChain.length; i++) {
out.println ("Client Certificate [" + i + "] = " +
certChain[i].toString());
}
}
-----------------------------------------------------------
And it didn't work. CipherSuite is always null.
I haven't configured anything in tomcat. As I have read, it should work
but it is obvious I am missing something.
I would like to manage SSL with Apache better than using java keystores,
if it is possible.
Also, I would like to have an application which does not need apache to
work and which works perfectly in tomcat standalone.
--
_______________________________________________
Josué Alcalde González
[EMAIL PROTECTED]
Dpto. Desarrollo
CSA - Centro Regional de Servicios Avanzados
C/ López Bravo, 1
Pol. Ind. Villalonquéjar (Burgos)
Tel. (+34) 947 256 250
Fax. (+34) 947 256 583
Web: http://www.csa.es
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
