Thanks Mark,
I use mod_proxy (ProxyPass and ProxyReverse) to connect Apache (2.2.3) to
Tomcat(5.5)/Jboss (4.2). Can mod_proxy pass client cert to Tomcat?
I use the following code to get the client cert, but certs object is null:
public void verificaCertCliente(HttpServletRequest req) throws
ServletException
{
String[] mensagem = null;
X509Certificate[] certs = (X509Certificate[])
req.getAttribute("javax.servlet.request.X509Certificate");
if (certs != null) {
for (int i = 0; i < certs.length; i++) {
mensagem[i] = ("Client Certificate [" + i + "] = " +
certs[i].toString());
log.info(mensagem[i]);
}
} else {
if ("https".equals(req.getScheme())) {
log.info("This was an HTTPS request, " + "but no client certificate is
available");
} else {
log.info("This was not an HTTPS request, " + "so no client certificate
is available");
}
}
}
Thanks in advance for your attention.
markt-2 wrote:
>
> On 19/04/2010 13:05, acastanheira2001 wrote:
>>
>> Hi,
>>
>> I have an apache server in front of Tomcat/Jboss, the former receives the
>> client cert and does revocation list and trust validation.
>>
>> I need to pass the client cert to Tomcat only to check the
>> SubjectAltNames.
>>
>> As far as trust accreditation is done by apache, does Tomcat need to have
>> a
>> keystore and https set?
>
> No.
>
> Mark
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>
--
View this message in context:
http://old.nabble.com/Client-cert-authentication-tp28287654p28333274.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
