Turning on debugging in Tomcat 5.5
Most of the installed Tomcat classes have something like container.isDebugEnabled() {...} How do I enable these debug statements in Tomcat 5.5? Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Certificate authentication
I have looked at the source code and it seems to me that presented client certificates are only checked for their validity dates, and NOT for whether they have been revoked. I am able to access my Tomcat site with a revoked certificate. It is easy to implement OCSP and/or CRL checking, so I implemented an X509Realm that extends BasicRealm. I overrode all of the authenticate() methods, but they are never called when I access my site. I put my realm in the Engine and require CLIENT-CERTS in the site Context. Why don't my methods get called? The start() method gets called, but nothing else. Jim Rome - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Realms and certificates
None of the standard realms do certificates properly. For example, o.a.c.authenticator.SSLAuthenticator.java does not check to see if a certificate has been revoked. The LDAP realm compares the presented certificate to the one in the LDAP which puts a burden on the LDAP to unpublish revoked certificates. This is also rather unnecessary because given the CA certifdicate and the OCSP address, any presented certificate can be authenticated properly. So I write my own Realm by extending RealmBase and modifying the public Principal authenticate(X509Certificate certs[]) method. I put this realm inside the Engine tag and commented out the userdatabase realm. But, so far as I can tell, my authenticate method is never called. Print statements (using the 5.5 log techniques) only appear from the start() method, never from authenticate(). And I can get in with revoked client certificates. Does anyone have an idea of what is happening? How can I debug this? Thanks, Jim Rome - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL error -12229
I have installed Tomcat5 on Solaris in the Sun jwdsp-1.3. I created the certificates as per the instructions in the server.xml file, and uncommented the ssl server section. But when I try to connect to it, after the server presents me with its certificate, I get error -12229 What is wrong? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]