Ok, so in short ots not possible to mutually authenticate the mod-proxy and a
tomcat connector, correct?
I'm needing to convert an ajp configuration to mod-proxy, but a security
architect wants the other as well.
Thanks,
Sent with BlackBerry Work (www.blackberry.com)
__
I'm starting both the server and the client with both key and trust.
Does that bite?
I would avoid giving access to the key to anything that doesn't
absolutely need it. Usually, only the server needs access to the key.
-chris
---
On 6/2/22 14:38, Beard, Shawn wrote:
> I've never done this. But I think it would go something like this:
> To make tomcat take advantages of Client Authentication, require three
> certificates. i.e A Server Certificate for Tomcat, Client Certificate
> for the browser/Apache and Certificate of the
Jon,
On 6/2/22 14:20, jonmcalexan...@wellsfargo.com.INVALID wrote:
I'm trying to figure out if there is a way to use certificates
between Tomcat and Apache for mutual authentication of the mod-proxy
connection to Tomcat. This would be similar as to how you can setup
the WebSphere plugin to commu
Rob,
On 6/2/22 14:19, Rob Sargent wrote:
Caused by: java.lang.IllegalArgumentException: Alias name [sgsAgent]
does not identify a key entry
at
> [...]
but I believe the alias is in place, both places
## check, different files
[ec2-user@ip-10-0-2-118 certs]ls
That was my thought also, but wouldn’t that then require the end-users to also
have certificates? Or would it just be Apache HTTPD? Basically the end users
connection terminates at the proxy, and the proxy uses its own connection to
pass it thru. Is that right?
Dream * Excel * Explore * Inspire
java -Djavax.net.ssl.keyStore=/ppr/certs/sgstrust.p12
-Djavax.net.ssl.keyStoreType=PKCS12
-Djavax.net.ssl.keyStorePassword=p1
-Djavax.net.ssl.trustStore=/ppr/certs/fullca.p12
-Djavax.net.ssl.trustStoreType=PKCS12
-Djavax.net.ssl.trustStorePassword=p2
--oper=1 --seg=id
I've never done this. But I think it would go something like this:
To make tomcat take advantages of Client Authentication, require three
certificates. i.e A Server Certificate for Tomcat, Client Certificate for the
browser/Apache and Certificate of the CA which will sign both the above
mentione
I'm trying to figure out if there is a way to use certificates between Tomcat
and Apache for mutual authentication of the mod-proxy connection to Tomcat.
This would be similar as to how you can setup the WebSphere plugin to
communicate with WebSphere over a mutually secured connection. Is this p
Hang on. I'm panicking. I have a plane to catch in 3 hours and need
this working by then.
ws s3 cp fullca.p12 s3://691459864434-sgs-source/certs/sgstrust.p12
splatting one file on top of the other
Midway through this email when you last came in: "Not running" is
spot-on becase...
T
Rob,
On 6/2/22 13:43, Rob Sargent wrote:
I had this overall configuration working until I 'terminated' the AWS
server instance and am trying to rebuild.
Could a lack of network connectivity between client and server
present this same symptom?
Hmm. Your SAN looks okay to me. Are you 100%
On 6/2/22 11:43, Rob Sargent wrote:
I had this overall configuration working until I 'terminated' the
AWS server instance and am trying to rebuild.
Could a lack of network connectivity between client and server
present this same symptom?
Hmm. Your SAN looks okay to me. Are you 100% sure
I had this overall configuration working until I 'terminated' the AWS
server instance and am trying to rebuild.
Could a lack of network connectivity between client and server
present this same symptom?
Hmm. Your SAN looks okay to me. Are you 100% sure you have that
certificate configured
Rob,
On 6/2/22 01:13, Rob Sargent wrote:
This part always confuses me
I supply the trust and key store files on the command line and I see the
SAN for the tomcat server IP (in ObjectId #3). I try to connect to
tomcat by host-IP and port. Here's the text of the keystore sent in.
Keystor
14 matches
Mail list logo