With Tomcat 4.1.18 there is an (undocumented??) attribute in the request, which holds the certificate trust chain as an X509Certificate[].

request.getAttribute("javax.servlet.request.X509Certificate")

I have seen exceptions under Tomcat 4.1.12 (some SSL HANDSHAKE problem) in the log, which explain why there was no such attribute in the request.

- Josef

----- Original Message -----
From: "Bodycombe, Andrew" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Friday, March 14, 2003 12:19 PM
Subject: RE: Do you run Tomcat with SSL?

You can write a class that implements the X509TrustManager interface. Then initialize your SSLContext with this TrustManager. Get a SocketFactory for your SSLContext. Finally, set this as the default SocketFactory for all HttpsURLConnections.

The code in your checkClientTrusted method will execute every time someone tries to make a connection via HTTPS. This method takes an array of X509Certificates as a parameter (the whole certificate chain, not just the supplied client certificate).

HTH
Andy

-----Original Message-----
From: Josef Templ [mailto:[EMAIL PROTECTED]
Sent: 14 March 2003 11:10
To: Tomcat Users List
Subject: Re: Do you run Tomcat with SSL?

I can confirm that it works. I am using Tomcat 4.1.12.

The only point I have not solved so far is how to get access to the client certificate in my servlet or JSP. I would like to do programmatic security, i.e. store users in a database and verify the authenticated user in a JSP or servlet. Does anybody know if this is possible at all?

- Josef Templ

----- Original Message -----
From: "Gabriel Santonja" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, March 14, 2003 11:56 AM
Subject: Re: Do you run Tomcat with SSL?

> On Thu, 13 Mar 2003 19:51:57 -0800 (PST)
> Mark Liu <[EMAIL PROTECTED]> wrote:
>
> > I know you guys have your great strategies in
> > balancing Apache and Tomcat.
> >
> > But, my project isn't really so picky about
> > efficiency, so I simply run Tomcat with SSL all the
> > time. It simplifies my project a little bit.
> >
> > But then I do need to be able to run Tomcat SSL with
> > the certificate generated by my little Java program.
> Why don't you use the SSL HowTo in Tomcat? I'm not sure on Windows but
> on Linux it works fine with SSL on the 8443 port.
>
> Actually my own problem is to use SSL only in realm login page but it's
> visibly difficult.
> Goodbye.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]