Re: SSL Client Auth through tomcat

2010-03-19 Thread rangeli nepal
Thank you for your response. I would definitely not have written to this
group if my question were just related to SSL terminating on Apache. Here
is my scenario:
___ 
|   |   |
  |
|A ||B   |
|___|   ||


A is a tomcat server and B is an Apache server, bastion of all the web
services inside. Apache needs client side authentication.
My question is what I need to do on A (tomcat) so that it can accept the
certificate from B and B will accept the certificate from A (tomcat).
Thank you.
Santos


On Fri, Mar 19, 2010 at 2:50 AM, Albert Tumanov altum...@gmail.com wrote:

 If your SSL terminates on Apache then you are obviously in the wrong
 mailing list :)

 You have nothing to configure in Tomcat.



 On Thu, Mar 18, 2010 at 7:20 PM, rangeli nepal rangeli.ne...@gmail.com
 wrote:
  Good Morning Everybody,
 
  Currently I am trying to set up a tomcat instance so that it can access web
  service by accepting server side certificate and pass the client side cert
  to server.
 
  I am not sure how to do it,
 
  I thought one way would be to set
 
  CATALINA_OPTS=-Djavax.net.ssl.trustStore=java key store
  -Djavax.net.ssl.trustStorePassword=password
 
  But to no avail; when I try to access the service I see the following line in
  the apache log (Apache is working as gateway for web services, SSL terminates
  here):
 
   Re-negotiation handshake failed: Not accepted by client!?,
  referer:
 
  I think java key store file that tomcat refers to, has ca certificate of the
  server and it has private key and certificate of the client certificate
  provision on apache.
 
  Personally, I do not think I need to do anything to connectors in
  server.xml
 
  Any clue will be highly appreciated.
 
  Thank you.
  rn
 

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Re: SSL Client Auth through tomcat

2010-03-19 Thread rangeli nepal
Thank you. That is something I am not clear about.

Suppose there is a link (https://B) provided on a web application
hosted at A (tomcat server) that accesses a service on B through a
response.redirect(https://B...)
Once the user clicks that link, an encrypted channel is established between A and
B. If B asks for a client certificate, A will furnish it. I am not sure whether this
responsibility falls to the web application or the container.

If it is the container, I do not see what configuration I need to do.



Thank you.
rn

On Fri, Mar 19, 2010 at 9:33 AM, André Warnier a...@ice-sa.com wrote:

 rangeli nepal wrote:

 Thank you for your response. I would definitely not have written to this
 group if my question were just related to SSL terminating on Apache.
 Here is my scenario:
 ___ 
 |   |   |
  |
 |A ||B   |
 |___|   ||


  Unfortunately, as you have probably noticed, that drawing does not come
 out very well in this medium.  But thanks for trying.


  A is a tomcat server and B is an Apache server, bastion of all the web
 services inside. Apache needs client side authentication.
 My question is what I need to do on A (tomcat) so that it can accept the
 certificate from B and B will accept the certificate from A (tomcat).


 Which makes me think that this has nothing to do with Tomcat per se.
 It looks like what you want is that some /application/ running inside
 Tomcat would be able to connect to Apache via SSL, and exchange certificates
 with it.
 That would be a pure Java programming matter, and the fact that the
 application itself happens to be running inside Tomcat is purely
 circumstantial and changes nothing to the matter.
 Or am I misunderstanding your schema ?







SSL Client Auth through tomcat

2010-03-18 Thread rangeli nepal
Good Morning Everybody,

Currently I am trying to set up a tomcat instance so that it can access web
service by accepting server side certificate and pass the client side cert
to server.

I am not sure how to do it,

I thought one way would be to set

CATALINA_OPTS=-Djavax.net.ssl.trustStore=java key store
-Djavax.net.ssl.trustStorePassword=password

But to no avail; when I try to access the service I see the following line in
the apache log (Apache is working as gateway for web services, SSL terminates
here):

 Re-negotiation handshake failed: Not accepted by client!?,
referer:

I think java key store file that tomcat refers to, has ca certificate of the
server and it has private key and certificate of the client certificate
provision on apache.

Personally, I do not think I need to do anything to connectors in
server.xml

Any clue will be highly appreciated.

Thank you.
rn
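
Added example, not part of the thread: the trustStore properties in the post above only tell the JVM which server certificates to trust, while the client certificate and its private key are configured separately as key material. The class and method names below are hypothetical, the store paths and passwords are supplied by the caller, and the JKS store type is an assumption.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientCertContext {

    // Loads a keystore file of the given type (for example "JKS" or "PKCS12").
    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Counts entries that carry a private key and certificate chain. A store holding
    // only trusted-certificate entries cannot answer a server's certificate request.
    static int privateKeyEntries(KeyStore ks) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) n++;
        }
        return n;
    }

    // Key material (client identity) and trust material (the server's CA) are
    // initialised separately; javax.net.ssl.trustStore covers only the latter.
    static SSLContext build(KeyStore identity, char[] keyPassword, KeyStore trust) throws Exception {
        if (privateKeyEntries(identity) == 0) {
            throw new IllegalStateException("identity store has no private key entry");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args: identityStorePath identityPassword trustStorePath trustPassword
        KeyStore identity = load(args[0], "JKS", args[1].toCharArray());
        KeyStore trust = load(args[2], "JKS", args[3].toCharArray());
        SSLContext ctx = build(identity, args[1].toCharArray(), trust);
        System.out.println("private key entries: " + privateKeyEntries(identity)
                + ", protocol: " + ctx.getProtocol());
    }
}
```

The resulting context can be applied to an outbound connection with HttpsURLConnection.setSSLSocketFactory(ctx.getSocketFactory()); the JVM-wide equivalent is setting javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword alongside the trustStore properties.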


Re: Apache 2.2.8+tomcat 6.0.16+Window vista http 404

2008-07-19 Thread rangeli nepal
Thank you Rainer for your reply. Based on your suggestion I did the following:

0. Removed the auto from the Include directive.

1. There was a log entry specified in mod_jk.conf. It was pointing to the log
file in the tomcat directory; I changed it to point to the log file in the apache
directory. Restarted things.

2. Moved the entries to httpd.conf. No effect.

3. Commented out the entries just to see if the log is created or not. No effect.

I think maybe my shared library is corrupted, but again apache should have
complained.




On Sat, Jul 19, 2008 at 7:51 AM, Rainer Jung [EMAIL PROTECTED]
wrote:

 rangeli nepal schrieb:

 Recently I installed apache and tomcat. Environment is depicted in the
 subject line. They both work nice and fine independently.

 I am trying to integrate them with mod_jk.

 I believe I followed all the steps suggested by the document.

 1. I downloaded mod_jk (1.2.26), kept it as mod_jk.so in the modules directory
 and added the following line in httpd.conf

 LoadModule jk_module modules/mod_jk.so


 This alone should already define a default log file mod_jk.log in the logs
 sub directory of your Apache web server (not the Tomcat directory) and
 configure it with log level info. Of course you can overwrite that, if you
 want. If the mod_jk.conf file you wrote doesn't work, is the default log
 file there?


  3. Went back to httpd.conf. Added the following line at the end

 Include

 C:/softwares/Apache/apache-tomcat-6.0.16/apache-tomcat-6.0.16/conf/auto/mod_jk.conf-auto


 -auto ?

  my mod_jk.conf looks something like this:


 no -auto?

 Regards,

 Rainer





Apache 2.2.8+tomcat 6.0.16+Window vista http 404

2008-07-18 Thread rangeli nepal
Recently I installed apache and tomcat. Environment is depicted in the subject
line. They both work nice and fine independently.

I am trying to integrate them with mod_jk.

I believe I followed all the steps suggested by the document.

1. I downloaded mod_jk (1.2.26), kept it as mod_jk.so in the modules directory
and added the following line in httpd.conf

LoadModule jk_module modules/mod_jk.so

2. Went to the tomcat installation, changed server.xml. Added the following lines.

<Listener className="org.apache.jk.config.ApacheConfig"
          modJk="C:/Program Files/Apache Software Foundation/Apache2.2/modules/mod_jk.so"
          workersConfig="C:/softwares/Apache/apache-tomcat-6.0.16/apache-tomcat-6.0.16/conf/jk/workers.properties" />

After the line

<Server port="8005" shutdown="SHUTDOWN">

Then added

<Listener className="org.apache.jk.config.ApacheConfig" append="true"
          forwardAll="false"
          modJk="C:/Program Files/Apache Software Foundation/Apache2.2/modules/mod_jk.so" />

After the line

<Host name="localhost" appBase="webapps"
      unpackWARs="true" autoDeploy="true"
      xmlValidation="false" xmlNamespaceAware="false">

Started tomcat; mod_jk.conf was created.

3. Went back to httpd.conf. Added the following line at the end

Include C:/softwares/Apache/apache-tomcat-6.0.16/apache-tomcat-6.0.16/conf/auto/mod_jk.conf-auto

Also added the following lines after LoadModules

JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"

Restarted the whole thing. Still I cannot go to the following web page.
http://localhost/examples/jsp/index.html

4. Created workers.properties file in ./con/jk (in the tomcat installation). It
looks like the following
# Define 1 real worker using ajp13
worker.list=ajp13
# Set properties for ajp13 (ajp13)
worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009

After reading a couple of messages on the newsgroup, I thought it would solve the
issue if I moved the VirtualHost ... section from mod_jk.conf to httpd.conf,
but to no avail.
My mod_jk.conf looks something like this:
<IfModule !mod_jk.c>
  LoadModule jk_module "C:/Program Files/Apache Software Foundation/Apache2.2/modules/mod_jk.so"
</IfModule>
JkWorkersFile "C:/softwares/Apache/apache-tomcat-6.0.16/apache-tomcat-6.0.16/conf/jk/workers.properties"
JkLogFile "C:/softwares/Apache/apache-tomcat-6.0.16/apache-tomcat-6.0.16/logs/mod_jk.log"
JkLogLevel trace

Am I missing something? Worst thing, I cannot see the mod_jk log.
Thank you.
rn