Hello. I would like to get some advice about a new application I am developing.
It needs SSL with client certificate and it will be written in Java and deployed in Tomcat 6 with Java 6. The server will be shared with other applications in Java, PHP and perhaps others. Now, it is an Ubuntu 6.06 server with an Apache 2.0 installation, a Tomcat 6.0 and a mod_jk 1.2.14. There are some applications written in PHP and a Java application. The Java application is served by Apache using mod_jk. It uses SSL but it doesn't need a client certificate. SSL is only configured in Apache. Tomcat 6 uses normal connections (8080, 8009) which are closed.

This works perfectly but my next application will need client auth using an X509Certificate and I need a way to get it in my Servlets. I have read some documentation on Google and I have tried it.

First, I configured a Virtual Host with Apache:

---------------------------------------------------------
<VirtualHost *:443>
    ServerAdmin [EMAIL PROTECTED]
    ServerSignature On
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    SSLVerifyClient optional_no_ca
    JkExtractSSL On
    JkMount /ovt ajp13_worker
    JkMount /ovt/* ajp13_worker
</VirtualHost>
---------------------------------------------------------

Then, I made a Servlet to try it:

-----------------------------------------------------------
// Display the cipher suite in use
String cipherSuite = (String) request.getAttribute("javax.net.ssl.cipher_suite");
out.println("Cipher Suite: " + cipherSuite);

// Display the client's certificates, if there are any
if (cipherSuite != null) {
    X509Certificate certChain[] =
        (X509Certificate[]) request.getAttribute("javax.net.ssl.peer_certificates");
    if (certChain != null) {
        for (int i = 0; i < certChain.length; i++) {
            out.println("Client Certificate [" + i + "] = " + certChain[i].toString());
        }
    }
}
-----------------------------------------------------------

And it didn't work. CipherSuite is always null. I haven't configured anything in Tomcat. From what I have read, it should work but it is obvious I am missing something.
I would like to manage SSL with Apache better than using Java keystores, if it is possible. Also, I would like to have an application which does not need Apache to work and which works perfectly in Tomcat standalone.

--
_______________________________________________
Josué Alcalde González
[EMAIL PROTECTED]
Dpto. Desarrollo
CSA - Centro Regional de Servicios Avanzados
C/ López Bravo, 1
Pol. Ind. Villalonquéjar (Burgos)
Tel. (+34) 947 256 250
Fax. (+34) 947 256 583
Web: http://www.csa.es
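The following is an added example, not part of the original post and not Tomcat's or mod_jk's own code: a helper that reads the client certificate through the standard Servlet attribute javax.servlet.request.X509Certificate, which Tomcat sets both for its own SSL connector and for AJP requests forwarded by mod_jk, and then validates the chain in the application, because SSLVerifyClient optional_no_ca makes Apache accept certificates it has not verified against a CA. The class and method names are hypothetical, the trust anchors are supplied by the caller, and it assumes Apache exports the certificate to mod_jk (mod_ssl SSLOptions +StdEnvVars +ExportCertData).

```java
import java.security.GeneralSecurityException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical helper (added example): fetch and validate the TLS client certificate. */
public final class ClientCertCheck {

    // Attribute names defined by the Servlet specification; the container fills
    // them in whether TLS ends in Tomcat itself or in Apache in front of AJP.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    static final String CIPHER_ATTR = "javax.servlet.request.cipher_suite";

    private ClientCertCheck() { }

    /**
     * Returns the client's leaf certificate after PKIX validation against the
     * given trust anchors, or null when the client presented no certificate.
     * Throws GeneralSecurityException when the chain is expired, badly signed
     * or does not lead to one of the anchors; the caller should then reject
     * the request.
     */
    public static X509Certificate verifiedClientCert(HttpServletRequest request,
                                                     Set<TrustAnchor> anchors)
            throws GeneralSecurityException {
        X509Certificate[] chain =
                (X509Certificate[]) request.getAttribute(CERT_ATTR);
        if (chain == null || chain.length == 0) {
            return null; // certificate is optional in the page's Apache config
        }
        // Build a certification path, leaf first, as the container delivers it.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        CertPath path = cf.generateCertPath(Arrays.asList(chain));

        PKIXParameters params = new PKIXParameters(anchors);
        // Assumption for this example: no CRL/OCSP source is configured.
        params.setRevocationEnabled(false);

        // Checks signatures, validity dates and chaining to a trusted CA.
        CertPathValidator.getInstance("PKIX").validate(path, params);
        return chain[0];
    }
}
```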