Thanks, My ssl conifiguration in Apache was missing
SSLOptions +ExportCertData +StdEnvVars Now it's working with mod_jk2. Radu On Fri, 2 Jul 2004 08:15:32 -0700 , Summers, Bert W. <[EMAIL PROTECTED]> wrote: > I tried to get that working but failed so I went back to mod_jk which does > pass the cert. > > <Directory "/webapps/myapp"> > SSLVerifyClient optional > SSLVerifyDepth 5 > SSLRequireSSL > SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars > Options Indexes FollowSymLinks > DirectoryIndex index.jsp > </Directory> > > > > -----Original Message----- > From: Radu Radutiu [mailto:[EMAIL PROTECTED] > Sent: Friday, July 02, 2004 7:49 AM > To: Tomcat Users List > Subject: Apache2 SSL with client authentication jk2 tomcat 5 - no user > certificate in request > > Hi, > > I'm running Tomcat 5 + jdk 1.4.2_02 + Apache 2.0.49 (Fedora 1) with mod_jk2. > I can access the web app through SSL (with client authentication enabled in > Apache) but the following attributes are not set in the request: > "javax.servlet.request.cipher_suite", > "javax.net.ssl.peer_certificates" and > "javax.servlet.request.X509Certificate" > If I access the Tomcat server directly on a port configured with SSL with > client authentication, "javax.servlet.request.cipher_suite" and > "javax.servlet.request.X509Certificate" are set correctly. > > I've tried different versions of tomcat (5.0.25 and 4.1.27), mod_jk2 from > the binary distribution and self compiled and get the same result. Running > a traffic sniffer it seems that the certificate information is never sent to > the tomcat server. > > The jk2 configuration (in httpd.conf) is the following: > > LoadModule jk2_module modules/mod_jk2.so > JkSet config.file /etc/httpd/conf/workers2.properties > # default value > JkSet2 workerEnv sslEnable 1 > JkSet2 workerEnv forwardKeySize 1 > > The workers2.properties is the default file from the binary distribution > with the updated uri for the web application. > > Is it possible to get the user certificate in Tomcat when using Apache > + mod_jk2 as a front end? > > Regards, > > Radu > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
