RE: Apache2 SSL with client authentication jk2 tomcat 5 - no user certificate in request

Fri, 02 Jul 2004 08:16:52 -0700 

I tried to get that working but failed so I went back to mod_jk which does
pass the cert.

    <Directory "/webapps/myapp">
        SSLVerifyClient optional
        SSLVerifyDepth  5
        SSLRequireSSL
        SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars
        Options Indexes FollowSymLinks
        DirectoryIndex index.jsp 
    </Directory>

-----Original Message-----
From: Radu Radutiu [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 02, 2004 7:49 AM
To: Tomcat Users List
Subject: Apache2 SSL with client authentication jk2 tomcat 5 - no user
certificate in request


Hi,

I'm running Tomcat 5 + jdk 1.4.2_02 + Apache 2.0.49 (Fedora 1) with mod_jk2.
I can access the  web app through SSL (with client authentication enabled in
Apache) but the following attributes are not set in the request:
"javax.servlet.request.cipher_suite",
"javax.net.ssl.peer_certificates" and
"javax.servlet.request.X509Certificate"
If I access the Tomcat server directly on a port configured with SSL with
client authentication, "javax.servlet.request.cipher_suite"  and
"javax.servlet.request.X509Certificate" are set correctly.

I've tried different versions of tomcat (5.0.25 and 4.1.27), mod_jk2 from
the binary distribution and  self compiled and get the same result. Running
a traffic sniffer it seems that the certificate information is never sent to
the tomcat server.

The jk2 configuration (in httpd.conf) is the following:

LoadModule jk2_module modules/mod_jk2.so
JkSet config.file /etc/httpd/conf/workers2.properties
# default value
JkSet2 workerEnv sslEnable 1
JkSet2 workerEnv forwardKeySize  1

The workers2.properties is the default file from the binary distribution
with the updated uri for the web application.

Is it possible to get the user certificate in Tomcat when using Apache
+ mod_jk2 as a front end?

Regards,

Radu

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to