Thanks Mark, I use mod_proxy (ProxyPass and ProxyReverse) to connect Apache (2.2.3) to Tomcat(5.5)/Jboss (4.2). Can mod_proxy pass client cert to Tomcat?
I use the following code to get the client cert, but certs object is null: public void verificaCertCliente(HttpServletRequest req) throws ServletException { String[] mensagem = null; X509Certificate[] certs = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate"); if (certs != null) { for (int i = 0; i < certs.length; i++) { mensagem[i] = ("Client Certificate [" + i + "] = " + certs[i].toString()); log.info(mensagem[i]); } } else { if ("https".equals(req.getScheme())) { log.info("This was an HTTPS request, " + "but no client certificate is available"); } else { log.info("This was not an HTTPS request, " + "so no client certificate is available"); } } } Thanks in advance for your attention. markt-2 wrote: > > On 19/04/2010 13:05, acastanheira2001 wrote: >> >> Hi, >> >> I have an apache server in front of Tomcat/Jboss, the former receives the >> client cert and does revocation list and trust validation. >> >> I need to pass the client cert to Tomcat only to check the >> SubjectAltNames. >> >> As far as trust accreditation is done by apache, does Tomcat need to have >> a >> keystore and https set? > > No. > > Mark > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/Client-cert-authentication-tp28287654p28333274.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org