On 1/14/11 10:31 PM, g f wrote: > Hello all, > Not sure if this is the proper area to post but here goes. > I have a debian os running Apache 2.2.16(debian) along with tomcat 6.0.29. I > use mod_jk as well as mod_auth_kerb module for apache. > > I use common access cards and allow apache kerb module to handle all auth > and it works just fine except when I access some of my apps that have ajax > calls back to the same server. Now if I force common access card in apache I > get errors in catalina.out as follows: > > javax.net.ssl.SSLHandshakeException: Received fatal alert: > handshake_failure. > > Now as I said I dont do any auth at the tomcat level its all done at the > apache level. It seems like tomcat is trying to validate the client certs > that mod_jk is passing along. The question is, how do I tell tomcat to > ignore the client certs? > > I only have the AJP connector active in tomcat and it looks like the > following: > > <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" > tomcatAuthentication="false" clientAuth="false" SSLVerifyClient="false" /> > > Any ideas?
Umm, that sounds odd. Do you get any messages about the connector during server startup? Do you get a stacktrace or just a log message? What is the full log line or stack? > If there is an easy way to accept the client certs (even though I do nothing > with them) then I could do that as well. Are you sure it's not due to an outbound connection attempt from some part of your app? p > Thanks for any advice and sorry if this is not the correct forum for this.
0x62590808.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature