> -----Mensaje original----- > De: jean-frederic clere [mailto:[EMAIL PROTECTED] > Enviado el: miércoles, 06 de octubre de 2004 16:54 > Para: Tomcat Developers List > Asunto: Re: Problems with SSL_CLIENT_CERT_CHAIN_n from servlet > > What do have in httpd.conf? > > In my httpd.conf I've appended the following lines related to mod_ssl and mod_jk: Include /usr/local/java/tomcat4/conf/mod_jk.conf Include /usr/local/apache/conf/ssl.conf
File mod_jk.conf looks like this: <IfModule !mod_jk.c> LoadModule jk_module "/usr/local/apache/libexec/mod_jk.so" </IfModule> JkExtractSSL On JkHTTPSIndicator HTTPS JkSESSIONIndicator SSL_SESSION_ID JkCIPHERIndicator SSL_CIPHER JkCERTSIndicator SSL_CLIENT_CERT JkEnvVar SSL_PROTOCOL sslProtocol JkEnvVar SSL_CLIENT_CERT_CHAIN_0 SSL_CLIENT_CERT_CHAIN_0 JkEnvVar SSL_SERVER_CERT SSL_SERVER_CERT JkWorkersFile "/usr/local/java/tomcat4/conf/workers.properties" JkLogFile "/var/log/httpd/mod_jk.log" JkLogLevel debug And file ssl.conf: <IfDefine SSL> AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/usr/local/apache/logs/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLLog /var/log/httpd/ssl_engine_log SSLLogLevel info <VirtualHost _default_:443> DocumentRoot "/usr/local/httpd/sslhtdocs" ErrorLog /var/log/httpd/error_log TransferLog /var/log/httpd/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache/conf/ssl.crt/smurf.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/smurf.key SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle.crt SSLCARevocationPath /usr/local/apache/conf/ssl.crl SSLVerifyClient require SSLVerifyDepth 10 SSLOptions +StdEnvVars +ExportCertData <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars +ExportCertData </Files> <Directory "/usr/local/apache/cgi-bin"> SSLOptions +StdEnvVars +ExportCertData </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /var/log/httpd/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" #################### www.semarket.com:/certiver #################### # Static files Alias /certiver "/usr/local/java/tomcat4/webapps/certiver" <Directory "/usr/local/java/tomcat4/webapps/certiver"> Options Indexes FollowSymLinks DirectoryIndex index.jsp index.html </Directory> <Location "/certiver/WEB-INF/*"> AllowOverride None deny from all </Location> <Location "/certiver/META-INF/*"> AllowOverride None deny from all </Location> JkMount /certiver/* ajp13 </VirtualHost> </IfDefine> Thanks! _______________________ Jesus Luna Garcia CertiVeR (U.E. Funded Project) [EMAIL PROTECTED] http://www.certiver.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]