Thank you for your response. I would have definitely not written to this group, if my question would just related to SSL terminating on Apache. Here is my scenario: ___________ ____________ | | | | | A |____________________| B | |___________| |____________|
A is a tomcat server and B is an Apache server bastion of all the web service inside. Apache needs client side Authentication. My question is what I need to do on A( tomcat) so that it can accepts certificate from B and B will accept certificate from A (tomcat). Thank you. Santos On Fri, Mar 19, 2010 at 2:50 AM, Albert Tumanov <altum...@gmail.com> wrote: > If your SSL terminates on Apache then you are obviously in the wrong > mailing list :) > > You have nothing to configure in Tomcat. > > > > On Thu, Mar 18, 2010 at 7:20 PM, rangeli nepal <rangeli.ne...@gmail.com> > wrote: > > Good Morning Everybody, > > > > Currently I am trying set up a tomcat instance so that it can access web > > service by accepting server side certificate and pass the client side > cert > > to server. > > > > I am not sure how to do it, > > > > I thought one way would be to set > > > > CATALINA_OPTS="-Djavax.net.ssl.trustStore=<java key store> > > -Djavax.net.ssl.trustStorePassword=<password>" > > > > But no avail, when I am try to access the service I see following line it > > apache log ( Apache is working as gateway for web services, SSL > terminates > > here) : > > > > Re-negotiation handshake failed: Not accepted by client!?, > > referer:............................ > > > > I think java key store file that tomcat refers to, has ca certificate of > the > > server and it has private key and certificate of the client certificate > > provision on apache. > > > > Personally, I do not think I need to do any thing to connectors in > > server.xml > > > > Any clue will be highly appreciated. > > > > Thank you. > > rn > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >