Does anyone out there have any experience with reading client certificate information via mod_jk2? There is a wealth (well, relatively speaking) of documentation available for doing this with mod_jk (e.g. http://jakarta.apache.org/tomcat/tomcat-3.2-doc/tomcat-ssl-howto.html#s5) but it does not seem to be relevant to mod_jk2. Or at least so it seems to me. For example, httpd.conf directives like
"JkExtractSSL On" and
"JkCERTSIndicator SSL_CLIENT_CERT"
do not seem to be recognized when mod_jk2 is loaded rather than mod_jk. Apache complains that these are invalid directives and refuses to start up. It starts up and runs just fine without them, but doesn't seem to be passing the SSL environment variables along to Tomcat.
My configuration is Apache 2.0.44, Tomcat 4.1.18, mod_jk2 built from the connectors-4.1.18 package and the mod_ssl that comes with the 2.0.44 source distribution. I have the following in httpd.conf:
SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars
Apache and Tomcat are talking to each other just fine, with Apache forcing client certificate authentication for a particular Tomcat context via a VirtualHost directive. Everything seems to be working just great, but when I run a simple "snoop" servlet to look at the headers being passed to Tomcat from Apache, the only SSL environment variable being passed is "javax.servlet.request.cipher_suite" Seems odd to me that it would be the only one, but there it is.
Thanks in advance for any insight any of you might have.
Robert Dana
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
- RE: mod_jk2 and client certificates Robert Dana
- RE: mod_jk2 and client certificates Shufelt, Jonathan S.
