All,

On 10/22/2009 11:50 AM, Christopher Schultz wrote:
> SSLVerifyClient optional
> SSLVerifyDepth 1
> SSLCACertificateFile conf/my-client-cert-ca.crt

Okay, I took the above steps and I can see that Apache httpd will properly reject clients when using "SSLVerifyClient require" and a signed client certificate cannot be found. If the client certificate IS provided, Apache httpd will allow access to a protected <Location>.

After confirming that...

> Next, I need my mod_jk/Tomcat configuration updated so that I can get
> the certificate forwarded via AJP:
>
> # not sure if this is required, since validation of the client
> # cert has already occurred.
> JkOptions +ForwardSSLCertChain
>
> Finally, in my code:
>
> X509Certificate clientCert =
> (X509Certificate)req.getAttribute("javax.servlet.request.X509Certificate");

The above code ends up with a null object. I have a request snooping JSP file, too, that confirms that this request attribute is not present (though I do know that certain request attributes are not reported by request.getAttributeNames).

Is there something else I'm missing?

Thanks,
-chris