RE: Problems with SSL_CLIENT_CERT_CHAIN_n from servlet

Jesús Luna Thu, 07 Oct 2004 00:54:18 -0700

> -----Mensaje original-----
> De: jean-frederic clere [mailto:[EMAIL PROTECTED]
> Enviado el: miércoles, 06 de octubre de 2004 16:54
> Para: Tomcat Developers List
> Asunto: Re: Problems with SSL_CLIENT_CERT_CHAIN_n from servlet
>
> What do have in httpd.conf?
>
>
In my httpd.conf I've appended the following lines related to mod_ssl and
mod_jk:
Include /usr/local/java/tomcat4/conf/mod_jk.conf
Include /usr/local/apache/conf/ssl.conf


File mod_jk.conf looks like this:
        <IfModule !mod_jk.c>
        LoadModule jk_module "/usr/local/apache/libexec/mod_jk.so"
        </IfModule>
        JkExtractSSL On
        JkHTTPSIndicator HTTPS
        JkSESSIONIndicator SSL_SESSION_ID
        JkCIPHERIndicator SSL_CIPHER
        JkCERTSIndicator SSL_CLIENT_CERT
        JkEnvVar SSL_PROTOCOL sslProtocol
        JkEnvVar SSL_CLIENT_CERT_CHAIN_0 SSL_CLIENT_CERT_CHAIN_0
        JkEnvVar SSL_SERVER_CERT SSL_SERVER_CERT
        JkWorkersFile "/usr/local/java/tomcat4/conf/workers.properties"
        JkLogFile "/var/log/httpd/mod_jk.log"
        JkLogLevel debug

And file ssl.conf:
  <IfDefine SSL>
  AddType application/x-x509-ca-cert .crt
  AddType application/x-pkcs7-crl    .crl
  SSLPassPhraseDialog  builtin
  SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
  SSLSessionCacheTimeout  300
  SSLMutex  file:/usr/local/apache/logs/ssl_mutex
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  SSLLog      /var/log/httpd/ssl_engine_log
  SSLLogLevel info
  <VirtualHost _default_:443>
  DocumentRoot "/usr/local/httpd/sslhtdocs"
  ErrorLog /var/log/httpd/error_log
  TransferLog /var/log/httpd/access_log
  SSLEngine on
  SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateFile /usr/local/apache/conf/ssl.crt/smurf.crt
  SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/smurf.key
  SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle.crt
  SSLCARevocationPath /usr/local/apache/conf/ssl.crl
  SSLVerifyClient require
  SSLVerifyDepth  10
  SSLOptions +StdEnvVars +ExportCertData

  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars +ExportCertData
  </Files>
  <Directory "/usr/local/apache/cgi-bin">
      SSLOptions +StdEnvVars +ExportCertData
  </Directory>
  SetEnvIf User-Agent ".*MSIE.*" \
           nokeepalive ssl-unclean-shutdown \
           downgrade-1.0 force-response-1.0
  CustomLog /var/log/httpd/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  #################### www.semarket.com:/certiver ####################
         # Static files
         Alias /certiver "/usr/local/java/tomcat4/webapps/certiver"
        <Directory "/usr/local/java/tomcat4/webapps/certiver">
            Options Indexes FollowSymLinks
            DirectoryIndex index.jsp index.html
        </Directory>
       <Location "/certiver/WEB-INF/*">
         AllowOverride None
          deny from all
       </Location>
       <Location "/certiver/META-INF/*">
         AllowOverride None
         deny from all
       </Location>
       JkMount /certiver/* ajp13
  </VirtualHost>
  </IfDefine>


Thanks!

_______________________
Jesus Luna Garcia
CertiVeR (U.E. Funded Project)
[EMAIL PROTECTED]
http://www.certiver.com



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Problems with SSL_CLIENT_CERT_CHAIN_n from servlet

Reply via email to