The following line from your mod_jk log really shows what is being forwarded as an attribute to Tomcat. This is logged after retrieving the data from Apache but before sending it over the wire. At least we know we got the data from Apache, and because it is three and not four certs it is likely that the root will not be forwarded.
On 20.11.2009 17:20, Christopher Schultz wrote:
[Fri Nov 20 15:45:13.878 2009] [7826:3057286032] [debug] init_ws_service::mod_jk.c (867): SSL client certificate (3620 bytes):
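The check described in the reply, as an added example that is not part of the original message and not mod_jk or Tomcat code: it splits a space-flattened PEM chain such as the one in the log line, counts the forwarded certificates, and reports whether a self-issued root (issuer equal to subject) is among them. The sample chain, its names and the helpers `tlv` and `skeleton_pem` are constructed for illustration; the skeleton certificates carry only Name fields, no keys or signatures.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def split_chain(text):
    """DER bytes of each PEM block; tolerates base64 broken up by spaces, as in the log."""
    return [base64.b64decode("".join(body.split())) for body in PEM_RE.findall(text)]

def read_tlv(buf, pos):
    """Parse one DER TLV header at pos; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Raw DER of the issuer and subject Names of one X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)          # TBSCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                         # optional [0] version field
        pos = end
    for field in ("serialNumber", "signature algorithm"):
        _, _, pos = read_tlv(der, pos)      # skip it; pos now points at the issuer
    _, _, issuer_end = read_tlv(der, pos)
    _, _, subject_start = read_tlv(der, issuer_end)   # skip validity
    _, _, subject_end = read_tlv(der, subject_start)
    return der[pos:issuer_end], der[subject_start:subject_end]

def chain_summary(text):
    """Count forwarded certs; 'linked' means each issuer is the next cert's subject."""
    names = [issuer_subject(der) for der in split_chain(text)]
    linked = all(names[i][0] == names[i + 1][1] for i in range(len(names) - 1))
    return {"count": len(names), "linked": linked, "root_included": any(i == s for i, s in names)}

# Constructed sample: skeleton certificates (Name fields only), three deep, root left out.
def tlv(tag, content):
    return bytes([tag, len(content)]) + content  # short-form lengths only

def skeleton_pem(issuer_cn, subject_cn):
    names = [tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))
             for cn in (issuer_cn, subject_cn)]
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") + names[0] + tlv(0x30, b"") + names[1]
    return "-----BEGIN CERTIFICATE----- %s -----END CERTIFICATE-----" % base64.b64encode(tlv(0x30, tlv(0x30, tbs))).decode()

SAMPLE_LOG = "SSL client certificate: " + " ".join(
    skeleton_pem(i, s) for i, s in [("Client CA", "client"), ("Signing CA", "Client CA"), ("Root CA", "Signing CA")])
```

Comparing Names byte for byte only shows which certificates were forwarded and how they name each other; it does not verify any signature.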