Hello all, Not sure if this is the proper area to post but here goes. I have a debian os running Apache 2.2.16(debian) along with tomcat 6.0.29. I use mod_jk as well as mod_auth_kerb module for apache.
I use common access cards and allow apache kerb module to handle all auth and it works just fine except when I access some of my apps that have ajax calls back to the same server. Now if I force common access card in apache I get errors in catalina.out as follows: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure. Now as I said I dont do any auth at the tomcat level its all done at the apache level. It seems like tomcat is trying to validate the client certs that mod_jk is passing along. The question is, how do I tell tomcat to ignore the client certs? I only have the AJP connector active in tomcat and it looks like the following: <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false" clientAuth="false" SSLVerifyClient="false" /> Any ideas? If there is an easy way to accept the client certs (even though I do nothing with them) then I could do that as well. Thanks for any advice and sorry if this is not the correct forum for this. Cheers!
