RE: Tomcat 10.1.36 Configuration Question: Client Certificate(s) missing from servlet request object

2025-02-26 Thread Chris Evans
Thanks for the help. Best regards, Chris Evans -Original Message- From: Christopher Schultz Sent: Wednesday, February 26, 2025 7:38 AM To: users@tomcat.apache.org Subject: Re: Tomcat 10.1.36 Configuration Question: Client Certificate(s) missing from servlet request object Robert

Re: Tomcat 10.1.36 Configuration Question: Client Certificate(s) missing from servlet request object

2025-02-26 Thread Christopher Schultz
. Javax.net.debug output shows my client certificate and a complete chain have been accepted. I have also limited the TLS version to TLSv1.2. What have I missed? Thanks, Chris Evans OS: Ubuntu 22-04 Tomcat Version: 10.1.36 TLS Logging: env | grep OPT CATALINA_OPTS=-Djavax.net.debug=ssl,h

Re: Tomcat 10.1.36 Configuration Question: Client Certificate(s) missing from servlet request object

2025-02-25 Thread Robert Turner
The last time that I needed to do this > was Tomcat 7 and a lot has changed. > > When connecting with a browser, a trusted connection is established. > Javax.net.debug output shows my client certificate and a complete > chain have been accepted. > > I have also limited the TLS

Tomcat 10.1.36 Configuration Question: Client Certificate(s) missing from servlet request object

2025-02-25 Thread Chris Evans
to do this was Tomcat 7 and a lot has changed. When connecting with a browser, a trusted connection is established. Javax.net.debug output shows my client certificate and a complete chain have been accepted. I have also limited the TLS version to TLSv1.2. What have I missed? Thanks, Chris

Re: Get Client Certificate Information

2023-06-30 Thread Christopher Schultz
't required by anything in the spec. Only the request is mentioned in the specs. -chris -Original Message- From: Timothy Ward Sent: Wednesday, June 21, 2023 4:57 PM To: Tomcat Users List Subject: Re: Get Client Certificate Information EXTERNAL EMAIL - This email originated fro

RE: Get Client Certificate Information

2023-06-29 Thread Berneburg, Cris J. - US
t Users List Subject: Re: Get Client Certificate Information EXTERNAL EMAIL - This email originated from outside of CACI. Do not click any links or attachments unless you recognize and trust the sender. import javax.servlet.http.HttpServletRequest; import javax.sec

Re: Get Client Certificate Information

2023-06-22 Thread Timothy Ward
The compile actually created 4 .class files: CGIServlet$CGIEnvironment.class CGIServlet$CGIRunner.class CGIServlet$HTTPHeaderInputStream.class CGIServlet.class So, I combined them into CGIServlet.jar I'll look at ant deploy. On Thu, Jun 22, 2023 at 5:29 PM Christopher Schultz < ch...@christ

Re: Get Client Certificate Information

2023-06-22 Thread Christopher Schultz
Timothy, On 6/22/23 14:01, Timothy Ward wrote: I am trying to go the route of modifying the CGIServlet from: https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771

Re: Get Client Certificate Information

2023-06-22 Thread Timothy Ward
I am trying to go the route of modifying the CGIServlet from: https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771 I got it to compile with my changes

Re: Get Client Certificate Information

2023-06-22 Thread Christopher Schultz
Timothy, On 6/21/23 16:56, Timothy Ward wrote: import javax.servlet.http.HttpServletRequest; import javax.security.cert.Certificate; import javax.security.cert.X509Certificate; public class GrabCert extends Object { public static String getCommonName() { try { X509Certificat

Re: Get Client Certificate Information

2023-06-21 Thread Timothy Ward
import javax.servlet.http.HttpServletRequest; import javax.security.cert.Certificate; import javax.security.cert.X509Certificate; public class GrabCert extends Object { public static String getCommonName() { try { X509Certificate[] certs = (X509Certificate[]) HttpServletRequest().ge

Re: Get Client Certificate Information

2023-06-21 Thread Martynas Jusevičius
Sorry, getHttpServletRequest() came from my code :) It’s not a Jakarta method. In JAX-RS frameworks such as Jersey you can use @Context or @Inject annotations to get request and servlet context objects (such as HttpServletRequest): https://jakarta.ee/specifications/dependency-injection/2.0/apidocs

Re: Get Client Certificate Information

2023-06-21 Thread Christopher Schultz
Timothy, On 6/21/23 13:55, Timothy Ward wrote: Not sure it's lined up right, lost in copy/paste I think, the ^ seems to be initially under the (X509Certificate[]) right before the getHttpServletRequest(), so I thought it didn't like the getHttpServletRequest itself, maybe it doesn't like the get

Re: Get Client Certificate Information

2023-06-21 Thread Timothy Ward
> > >>>>>> Mark > >>>>>> > >>>>>> > >>>>>> On 11/06/2023 22:56, Timothy Ward wrote: > >>>>>>> Doesn't seem to work via perl, where would I have to use that line > of > >>

Re: Get Client Certificate Information

2023-06-21 Thread Timothy Ward
Not sure it's lined up right, lost in copy/paste I think, the ^ seems to be initially under the (X509Certificate[]) right before the getHttpServletRequest(), so I thought it didn't like the getHttpServletRequest itself, maybe it doesn't like the getAttribute method. On Wed, Jun 21, 2023 at 1:52 PM

Re: Get Client Certificate Information

2023-06-21 Thread Rob Sargent
> On Jun 21, 2023, at 11:29 AM, Timothy Ward wrote: > > I tried the following: > > import javax.servlet.http.HttpServletRequest; > import javax.security.cert.Certificate; > import javax.security.cert.X509Certificate; > > X509Certificate[] certs = (X509Certificate[]) > getHttpServletRequest()

Re: Get Client Certificate Information

2023-06-21 Thread Mark Thomas
on Windows Server 2019, is there a way to get the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN via a CGI perl script? I think I have the SSLValve valve implemented, but there is nothing for sure that tells me that it is. The browser prompts for the pin and authenticates just fine, I just need a

Re: Get Client Certificate Information

2023-06-21 Thread Timothy Ward
ServletRequest: > >>>>>> > >>>>>>X509Certificate[] certs = > >>>>>> > >>>>>> > >>>> > >> > (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servl

Re: Get Client Certificate Information

2023-06-12 Thread Mark Thomas
valve implemented, but there is nothing for sure that tells me that it is. The browser prompts for the pin and authenticates just fine, I just need a way to get some of the client certificate information. Thanks, Tim

Re: Get Client Certificate Information

2023-06-12 Thread Timothy Ward
"jakarta.servlet.request.X509Certificate"); > >>>> > >>>> > >>>> > >> > https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String) > >>>> > >>>>

Re: Get Client Certificate Information

2023-06-12 Thread Mark Thomas
nted, but there is nothing for sure that tells me that it is. The browser prompts for the pin and authenticates just fine, I just need a way to get some of the client certificate information. Thanks, Tim - To unsubscribe, e-mail:

Re: Get Client Certificate Information

2023-06-12 Thread Timothy Ward
> Server 2019, is there a way to get the SSL_CLIENT_S_DN and > >> SSL_CLIENT_I_DN > >>> via a CGI perl script? I think I have the SSLValve valve implemented, > >> but > >>> there is nothing for sure that tells me that it is. > >>> > >>> The br

Re: Get Client Certificate Information

2023-06-12 Thread Mark Thomas
in and authenticates just fine, I just need a way to get some of the client certificate information. Thanks, Tim - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail

Re: Get Client Certificate Information

2023-06-11 Thread Timothy Ward
at it is. > > > > The browser prompts for the pin and authenticates just fine, I just need > a > > way to get some of the client certificate information. > > > > Thanks, > > Tim > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >

Re: Get Client Certificate Information

2023-06-11 Thread Martynas Jusevičius
alve implemented, but > there is nothing for sure that tells me that it is. > > The browser prompts for the pin and authenticates just fine, I just need a > way to get some of the client certificate information. > > Thanks, > Tim --

Get Client Certificate Information

2023-06-11 Thread Timothy Ward
rompts for the pin and authenticates just fine, I just need a way to get some of the client certificate information. Thanks, Tim

Re: How to setup client certificate based authentication in Tomcat 9

2023-05-23 Thread Christopher Schultz
ere. We want to apply client certificate authentication only for one of the process that only Application B will invoke using the above URL. This ^^^ is the important part. Are you using a reverse-proxy, or are clients connecting directly to Tomcat? Thus, we are looking at: - 1) Applying cli

RE: How to setup client certificate based authentication in Tomcat 9

2023-05-02 Thread Patkar Omkar Anant
re are several custom processes deployed and multiple clients invoke multiple processes available with Camunda,... hence the is the dynamic part here. We want to apply client certificate authentication only for one of the process that only Application B will invoke using the above URL. Thus,

Re: How to setup client certificate based authentication in Tomcat 9

2023-04-26 Thread Christopher Schultz
Parkar, On 4/26/23 10:34, Patkar Omkar Anant wrote: I am a bit newbie to this domain of client certificate-based authentication. We have two applications … A(server) and B(client). Web application A runs on Apache Tomcat 9.0.52. (it’s a REST API based application). Application B invokes the

How to setup client certificate based authentication in Tomcat 9

2023-04-26 Thread Patkar Omkar Anant
Hi, I am a bit newbie to this domain of client certificate-based authentication. We have two applications … A(server) and B(client). Web application A runs on Apache Tomcat 9.0.52. (it’s a REST API based application). Application B invokes the rest api of application A. Now we want to

Re: Tomcat 9: Client Certificate verification setting with optional is not working

2021-05-10 Thread Christopher Schultz
Mark and Manish, On 5/10/21 13:11, Mark Thomas wrote: On 08/05/2021 18:26, Palod, Manish wrote: Hi, We further debugged the issue and narrowed down the issue to dynamic update of Truststore. We add certificate into TrustStore dynamically. We have to restart the server to use the newly added

Re: Tomcat 9: Client Certificate verification setting with optional is not working

2021-05-10 Thread Mark Thomas
On 08/05/2021 18:26, Palod, Manish wrote: Hi, We further debugged the issue and narrowed down the issue to dynamic update of Truststore. We add certificate into TrustStore dynamically. We have to restart the server to use the newly added certificate. This was working fine with Tomcat 7. I'm

RE: Tomcat 9: Client Certificate verification setting with optional is not working

2021-05-08 Thread Palod, Manish
other details required by Tomcat 9 for this use case? Regards Manish -Original Message- From: Palod, Manish Sent: Wednesday, May 5, 2021 9:21 AM To: Tomcat Users List Subject: RE: Tomcat 9: Client Certificate verification setting with optional is not working Hi Mark, Thank you for

RE: Tomcat 9: Client Certificate verification setting with optional is not working

2021-05-04 Thread Palod, Manish
Hi Mark, Thank you for your suggestion. We will try with private browsing mode. No, we tried in normal browsing mode only. Our issue with optional applies to very first-time access only. When we tried with certificateVerification="required" first, we were prompted with Client c

Re: Tomcat 9: Client Certificate verification setting with optional is not working

2021-05-04 Thread Mark Thomas
ional" attribute in SSLHostConfig Element of Server.xml [in Tomcat 7, we were setting clientAuth="want" ] When I am trying to access application from browser, where client certificate is available, this use case is not w

Tomcat 9: Client Certificate verification setting with optional is not working

2021-05-04 Thread Palod, Manish
Server.xml [in Tomcat 7, we were setting clientAuth="want" ] When I am trying to access application from browser, where client certificate is available, this use case is not working with setting(certificateVerification="optional")

RE: Tomcat end-point Client certificate issue

2021-02-08 Thread jonmcalexander
They responded they are not using TLS session tickets, not to their knowledge. Sent with BlackBerry Work (www.blackberry.com) From: Mark Thomas Sent: Feb 6, 2021 2:39 AM To: users@tomcat.apache.org Subject: Re: Tomcat end-point Client certificate issue On 05

RE: Tomcat end-point Client certificate issue

2021-02-07 Thread jonmcalexander
and delete this message. Thank you for your cooperation. > -Original Message- > From: Mark Thomas > Sent: Saturday, February 6, 2021 2:38 AM > To: users@tomcat.apache.org > Subject: Re: Tomcat end-point Client certificate issue > > On 05/02/20

Re: Tomcat end-point Client certificate issue

2021-02-06 Thread Mark Thomas
AV' AdviceText='null' > FaultSubcode='null' > TechnicalText='org.apache.commons.httpclient.auth.AuthenticationException: > Unable to CAAPI validate certificate - array null' Severity='ERROR' > FaultType='SYSTEM' EmbeddedException='null' If this is an error

Tomcat end-point Client certificate issue

2021-02-05 Thread jonmcalexander
Hey everybody, Anyone run into an error or warning like this before? App team is using Tomcat 9.0.37. [05/02/2021 14:34:14:702 ] [] WARN com...xxx.SearchCriteriaEnhancedController SearchCriteriaEnhancedAction::actionExecute CAS Query WS returned Fault. Details: FaultCode=

Re: Client certificate authentication -- but only for services

2018-12-20 Thread Mark Thomas
rict any given >> user-ID and password to consumer-side hardware authorized for that >> given user-ID and password). > > All in the same webapp, or deployed in separate webapps? > > Note that you won't be able to verify that the hardware is actually > "authorized"

Re: Client certificate authentication -- but only for services

2018-12-19 Thread Christopher Schultz
consumer-side hardware authorized for that > given user-ID and password). All in the same webapp, or deployed in separate webapps? Note that you won't be able to verify that the hardware is actually "authorized". If you want mutual TLS auth, then you are only authenticating the cl

Client certificate authentication -- but only for services

2018-12-19 Thread James H. H. Lampert
I just had a crazy thought, in connection with a situation in which we're trying to figure out a way to limit web service connections to authorized consumers. Here's the situation: we have both a browser-based UI (for which we definitely do NOT want to require users to have client-side certifi

Re: slow or timeout with client certificate and some http client against tomcat 8.5 with Nio2 OpenSSL implementation

2018-05-02 Thread Rémy Maucherat
On Wed, May 2, 2018 at 12:22 PM Mark Thomas wrote: > On 02/05/18 09:31, Rémy Maucherat wrote: > > On Wed, May 2, 2018 at 5:19 AM Hugh H wrote: > > > >> Hi Mark, > >> > >> Here are the logs you requested > >> > >> client: > >> https://1drv.ms/t/s!Aii8T4l0bnqVlyAuRIjSuluBe8vy > >> > >> server: > >

Re: slow or timeout with client certificate and some http client against tomcat 8.5 with Nio2 OpenSSL implementation

2018-05-02 Thread Mark Thomas
On 02/05/18 09:31, Rémy Maucherat wrote: > On Wed, May 2, 2018 at 5:19 AM Hugh H wrote: > >> Hi Mark, >> >> Here are the logs you requested >> >> client: >> https://1drv.ms/t/s!Aii8T4l0bnqVlyAuRIjSuluBe8vy >> >> server: >> https://1drv.ms/u/s!Aii8T4l0bnqVlx-TGo6I0dMXZxG1 >> >> >> I checked the sy

Re: slow or timeout with client certificate and some http client against tomcat 8.5 with Nio2 OpenSSL implementation

2018-05-02 Thread Rémy Maucherat
ote: > > On 30/04/18 01:48, ** * wrote: > Hi, > > I met a weird issue during setting up tomcat 8.5 with Http11Nio2Protocol > connector and OpenSSLImplementation. The issue is that a request would be > timeout using apache HttpClient and client certificate after several

Re: slow or timeout with client certificate and some http client against tomcat 8.5 with Nio2 OpenSSL implementation

2018-05-01 Thread Hugh H
ttp11Nio2Protocol connector and OpenSSLImplementation. The issue is that a request would be timeout using apache HttpClient and client certificate after several previous requests. It also happens with RestAssured and SoapUI. Please note it works fine for first several requests and then failed with

Re: slow or timeout with client certificate and some http client against tomcat 8.5 with Nio2 OpenSSL implementation

2018-05-01 Thread Rémy Maucherat
On Tue, May 1, 2018 at 3:31 PM Mark Thomas wrote: > On 01/05/18 03:11, 旭东 胡 wrote: > > Hi Mark, > > > > Unfortunately, 8.5.31 does not resolve my issue. You can find the > catalina.out log by https://1drv.ms/u/s!Aii8T4l0bnqVlx0mqtHngJ_1OvRo. > > From my client log the timeout occurs: > > 1. betw

Re: slow or timeout with client certificate and some http client against tomcat 8.5 with Nio2 OpenSSL implementation

2018-05-01 Thread Mark Thomas
>>> I met a weird issue during setting up tomcat 8.5 with Http11Nio2Protocol >>> connector and OpenSSLImplementation. The issue is that a request would be >>> timeout using apache HttpClient and client certificate after several >>> previous requests. It also happens w

Re: slow or timeout with client certificate and some http client against tomcat 8.5 with Nio2 OpenSSL implementation

2018-04-30 Thread 旭东 胡
30/04/18 01:48, ** * wrote: >> Hi, >> >> I met a weird issue during setting up tomcat 8.5 with Http11Nio2Protocol >> connector and OpenSSLImplementation. The issue is that a request would be >> timeout using apache HttpClient and client certificate after several prev

Re: slow or timeout with client certificate and some http client against tomcat 8.5 with Nio2 OpenSSL implementation

2018-04-30 Thread Mark Thomas
On 30/04/18 01:48, 旭东 胡 wrote: > Hi, > > I met a weird issue during setting up tomcat 8.5 with Http11Nio2Protocol > connector and OpenSSLImplementation. The issue is that a request would be > timeout using apache HttpClient and client certificate after several previous >

slow or timeout with client certificate and some http client against tomcat 8.5 with Nio2 OpenSSL implementation

2018-04-29 Thread 旭东 胡
Hi, I met a weird issue during setting up tomcat 8.5 with Http11Nio2Protocol connector and OpenSSLImplementation. The issue is that a request would be timeout using apache HttpClient and client certificate after several previous requests. It also happens with RestAssured and SoapUI. Please note

Re: Http with client certificate authentication

2018-02-22 Thread Mark Thomas
On 22/02/18 03:23, Alex O'Ree wrote: > Howdy folks, > > If I setup a tomcat connector in server.xml with clientAuth="true" and have > the key store for tomcat and a trust store is the following true? > > - all public key certificates issued by CA's the trust store are allowed in? Yes. > - all u

Http with client certificate authentication

2018-02-21 Thread Alex O'Ree
Howdy folks, If I setup a tomcat connector in server.xml with clientAuth="true" and have the key store for tomcat and a trust store is the following true? - all public key certificates issued by CA's the trust store are allowed in? - all user public key certificates in the trust store are allowed

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-04 Thread Mark Thomas
On 05/02/2018 02:14, Indunil Rathnayake wrote: Hi, On 2 February 2018 at 19:55, Christopher Schultz < ch...@christopherschultz.net> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 2/2/18 5:35 AM, Mark Thomas wrote: On 02/02/18 04:06, Christopher Schultz wrote: It seems r

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-04 Thread Indunil Rathnayake
Hi, On 2 February 2018 at 19:55, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Mark, > > On 2/2/18 5:35 AM, Mark Thomas wrote: > > On 02/02/18 04:06, Christopher Schultz wrote: > > > > > > > >> It seems reasonable for Tomcat to

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-02 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 2/2/18 5:35 AM, Mark Thomas wrote: > On 02/02/18 04:06, Christopher Schultz wrote: > > > >> It seems reasonable for Tomcat to verify that any "critical" >> key-use extensions are respected, and perhaps even some >> non-critical ones. >

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-02 Thread Indunil Rathnayake
mcat does not currently verify any of the key-usage > fields on a certificate. The assumption is that if a trusted CA > doesn't think a key should be used for authentication, then the CA > should not sign that certificate. > > But it's reasonable to imagine a scenario where

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-02 Thread Mark Thomas
On 02/02/18 04:06, Christopher Schultz wrote: > It seems reasonable for Tomcat to verify that any "critical" key-use > extensions are respected, and perhaps even some non-critical ones. I'd assume that JSSE / OpenSSL do this automatically. Is there any evidence that they do not? Mark

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Christopher Schultz
hat certificate. But it's reasonable to imagine a scenario where a code-signing certificate signed by a CA could be "illegally" used as a TLS client certificate, and in that case, Tomcat would allow the handshake. It seems reasonable for Tomcat to verify that any "critical"

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Indunil, On 2/1/18 6:15 PM, Indunil Rathnayake wrote: > Adding Chris There's no need to specifically CC list members. - -chris > On 1 February 2018 at 18:03, Indunil Rathnayake > wrote: > >> Hi, >> >> I have configured a tomcat connector for h

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Indunil Rathnayake
Adding Chris On 1 February 2018 at 18:03, Indunil Rathnayake wrote: > Hi, > > I have configured a tomcat connector for handling requests for a > particular servlet and have configured a trust store for the connector. > Anyone knows whether tomcat handles validation of "Key Usage" and "Extended >

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Indunil Rathnayake
Hi Chris, On 1 February 2018 at 20:25, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Indunil, > > On 2/1/18 7:29 AM, Indunil Rathnayake wrote: > > I have configured a tomcat connector for handling requests for a > > particular s

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Indunil, On 2/1/18 7:29 AM, Indunil Rathnayake wrote: > I have configured a tomcat connector for handling requests for a > particular servlet and have configured a trust store for the > connector. Anyone knows whether tomcat handles validation of "K

Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Indunil Rathnayake
Hi, I have configured a tomcat connector for handling requests for a particular servlet and have configured a trust store for the connector. Anyone knows whether tomcat handles validation of "Key Usage" and "Extended Key Usage" extensions in client certificates? And how it's handled through tomcat

Re: Passing client certificate through Nginx to Tomcat SSL Valve

2017-06-05 Thread Mark Thomas
On 29/05/17 16:05, Christopher Schultz wrote: > Lucas, > > On 5/27/17 9:41 AM, Lucas Ventura Carro wrote: >>> On 23/06/2016 12:58, Mark Thomas wrote: Smarter sounds good to >>> me. Why not try and write a patch for this? > >> I work faster with github pull-requests :) >> https://github.com/apach

Re: Passing client certificate through Nginx to Tomcat SSL Valve

2017-05-29 Thread Mark Thomas
On 29/05/17 17:02, Christopher Schultz wrote: > Mark, > > On 5/29/17 11:40 AM, Christopher Schultz wrote: >> Mark, > >> On 6/23/16 7:58 AM, Mark Thomas wrote: >>> On a related topic, I wonder how tolerant >>> CertificateFactory.generateCertificate() is since that will have >>> an impact on exac

Re: Passing client certificate through Nginx to Tomcat SSL Valve

2017-05-29 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 5/29/17 11:40 AM, Christopher Schultz wrote: > Mark, > > On 6/23/16 7:58 AM, Mark Thomas wrote: >> On a related topic, I wonder how tolerant >> CertificateFactory.generateCertificate() is since that will have >> an impact on exactly how

Re: Passing client certificate through Nginx to Tomcat SSL Valve

2017-05-29 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 6/23/16 7:58 AM, Mark Thomas wrote: > On a related topic, I wonder how tolerant > CertificateFactory.generateCertificate() is since that will have > an impact on exactly how smart the SSLValve needs to be. Tested with Oracle Java 1.8.0_12

Re: Passing client certificate through Nginx to Tomcat SSL Valve

2017-05-29 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Lucas, On 5/27/17 9:41 AM, Lucas Ventura Carro wrote: >> On 23/06/2016 12:58, Mark Thomas wrote: Smarter sounds good to >> me. Why not try and write a patch for this? > > I work faster with github pull-requests :) > https://github.com/apache/tomca

Re: Passing client certificate through Nginx to Tomcat SSL Valve

2017-05-27 Thread Lucas Ventura Carro
> On 23/06/2016 12:58, Mark Thomas wrote: > Smarter sounds good to me. Why not try and write a patch for this? I work faster with github pull-requests :) https://github.com/apache/tomcat80/pull/8 > On a related topic, I wonder how tolerant > CertificateFactory.generateCertificate() is since that

Re: Passing client certificate through Nginx to Tomcat SSL Valve

2016-06-23 Thread Mark Thomas
On 23/06/2016 12:51, Lucas Ventura Carro wrote: > And here comes the incompatibility: Nginx replaces new lines with tab > characters, but the valve only try to change white spaces. > Should not be the SSL Valve smarter and try to replace one or multiple > whitespaces (the regex '\s+')? Or at leas

Passing client certificate through Nginx to Tomcat SSL Valve

2016-06-23 Thread Lucas Ventura Carro
I have a webapp which reads a X.509 client certificate from the standard servlet request attribute: ServletRequest.getAttribute("javax.servlet.request.X509Certificate"). When Tomcat is the HTTPS endpoint, works like a charm. But when there is a Nginx as the HTTPS endpoint, and Tomcat is

Re: Firefox SSL with APR - losing client certificate

2015-09-20 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David, On 9/17/15 3:06 PM, David Balažic wrote: > Anyone with experience debugging SSL issues (with APR or from > Firefox/Chrome side) ? If you use Wireshark or a similar packet-capture rig, can you see whether the browser is changing the way it s

RE: Firefox SSL with APR - losing client certificate

2015-09-17 Thread David Balažic
th APR - losing client certificate > Importance: Low > > Reported as Bug 58244 - two way SSL loses client certificate after a few > requests > > https://bz.apache.org/bugzilla/show_bug.cgi?id=58244 > > > David Balažic > > > -Original Message- >

RE: Firefox SSL with APR - losing client certificate

2015-09-10 Thread David Balažic
Reported as Bug 58244 - two way SSL loses client certificate after a few requests https://bz.apache.org/bugzilla/show_bug.cgi?id=58244 David Balažic > -Original Message- > From: David Balažic > Sent: 7. August 2015 17:38 > To: users@tomcat.apache.org > Subject: Firef

Re: Tomcat client certificate based authorization

2015-09-07 Thread juls
Hi, sorry for the confusion, I made a mistake with the class name, it does work as described! :) kind regards On 04.09.2015 19:35, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Juls, On 9/4/15 10:01 AM, juls wrote: thanks, I guess that was the right hint.

Re: Tomcat client certificate based authorization

2015-09-04 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Juls, On 9/4/15 10:01 AM, juls wrote: > thanks, I guess that was the right hint. I hope so! > I now implemented a custom X509UsernameRetriever, created a jar > and placed it in $CATALINA_HOME/lib. > > import java.security.cert.X509Certificate; >

Re: Tomcat client certificate based authorization

2015-09-04 Thread juls
lass? kind regards On 03.09.2015 23:44, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Juls, On 9/3/15 9:41 AM, juls wrote: I need to restrict users to access different resources based on attributes of their client certificate. I found this tutorial which

Re: Tomcat client certificate based authorization

2015-09-03 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Juls, On 9/3/15 9:41 AM, juls wrote: > I need to restrict users to access different resources based on > attributes of their client certificate. > > I found this tutorial which describes the basic idea: > http://krishnasblog

Tomcat client certificate based authorization

2015-09-03 Thread juls
Dear List! I need to restrict users to access different resources based on attributes of their client certificate. I found this tutorial which describes the basic idea: http://krishnasblog.com/2012/12/01/enabling-client-cert-based-authorization-on-tomcat/ Apart from not being able to get

RE: Firefox SSL with APR - losing client certificate

2015-08-12 Thread David Balažic
lažic Software Engineer www.comtrade.com > -Original Message- > From: David Balažic [mailto:david.bala...@comtrade.com] > Sent: 10. August 2015 19:30 > To: Tomcat Users List > Subject: RE: Firefox SSL with APR - losing client certificate > Importance: Low > > >

RE: Firefox SSL with APR - losing client certificate

2015-08-10 Thread David Balažic
> From: David Balažic [mailto:david.bala...@comtrade.com] > > > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > > Sent: 8. August 2015 14:33 > > > > Quick question: this is with Tomcat only and no httpd out in front, right? > > Yes. It is also the same if run independently

RE: Firefox SSL with APR - losing client certificate

2015-08-10 Thread David Balažic
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: 8. August 2015 14:33 > > Quick question: this is with Tomcat only and no httpd out in front, right? Yes. David - To unsubscribe, e-mail: users-unsubsc

Re: Firefox SSL with APR - losing client certificate

2015-08-08 Thread Christopher Schultz
> On first access Firefox shows the client certificate selection > dialog. I select a certificate and continue. The web application > "sees" the selected certificate and show a proper response page. > But on next access (I click a link) the client certificate is not > visible to

Firefox SSL with APR - losing client certificate

2015-08-07 Thread David Balažic
Hi! I use tomcat 6.0.44 with APR on Windows x64. I set up SSLVerifyClient="optional" and since then encounter the following problem with Firefox 39.0.03 (IE works OK): On first access Firefox shows the client certificate selection dialog. I select a certificate and continue. The web a

Re: Client certificate keystore configuration

2014-09-12 Thread Javier Conti
On 2 September 2014 18:00, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Javier, > > On 8/28/14, 3:14 PM, Javier Conti wrote: > > On 28 August 2014 13:50, Konstantin Kolinko > > wrote: > > > >> 2014-08-28 14:46 GMT+04:00 Javier Conti > >> : > >>> Hi all, > >>

Re: Client certificate keystore configuration

2014-09-02 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Javier, On 8/28/14, 3:14 PM, Javier Conti wrote: > On 28 August 2014 13:50, Konstantin Kolinko > wrote: > >> 2014-08-28 14:46 GMT+04:00 Javier Conti >> : >>> Hi all, >>> >>> in a Tomcat 7.0.53 container we are running an application >>> which nee

Re: Client certificate keystore configuration

2014-08-28 Thread Javier Conti
On 28 August 2014 13:50, Konstantin Kolinko wrote: > 2014-08-28 14:46 GMT+04:00 Javier Conti : > > Hi all, > > > > in a Tomcat 7.0.53 container we are running an application which needs to > > use client certificates to connect to other webservices. > > This is currently done by configuring a key

Re: Client certificate keystore configuration

2014-08-28 Thread Konstantin Kolinko
2014-08-28 14:46 GMT+04:00 Javier Conti : > Hi all, > > in a Tomcat 7.0.53 container we are running an application which needs to > use client certificates to connect to other webservices. > This is currently done by configuring a keystore containing keys, > certificates and CAs for the JVM (via co

Client certificate keystore configuration

2014-08-28 Thread Javier Conti
Hi all, in a Tomcat 7.0.53 container we are running an application which needs to use client certificates to connect to other webservices. This is currently done by configuring a keystore containing keys, certificates and CAs for the JVM (via command line arguments) as follows: -Djavax.net.ssl.

Client certificate is null using APR connector

2014-08-21 Thread Timotej Betina
Version of tomcat is 7.0.54 and APR connector configuration looks like this: When APR connector is used, "javax.servlet.request.X509Certificate" attribute in request is null. This attribute should be filled by tomcat's Http11AprProcessor. Client certificate (SSLSocket.get

Tomcat7 Client Certificate Authentication Using Datasource Ralm Fails

2014-05-03 Thread Dhayanidhi sundaramoorthi
Hi,

RE: Reg: Issue in SSL Authentication in Tomcat after new client certificate has been created / added, Tomcat has to be started every time i add a new client certificate

2014-05-02 Thread Martin Gainty
Krishna Let me check with the engineers who want to work for you for free > From: karip...@teksystems.com > To: users@tomcat.apache.org > Date: Fri, 2 May 2014 04:55:18 -0400 > Subject: Reg: Issue in SSL Authentication in Tomcat after new client > certificate has been created

Re: Reg: Issue in SSL Authentication in Tomcat after new client certificate has been created / added, Tomcat has to be started every time i add a new client certificate

2014-05-02 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Krishna, On 5/2/14, 4:55 AM, Aripaka, Krishna wrote: > 1. We are using Tomcat 7.0.39 in our application. > > 2. We have implemented Two Way SSL authentication using java > keytool > > 3. Issue is, when we create a new client c

Reg: Issue in SSL Authentication in Tomcat after new client certificate has been created / added, Tomcat has to be started every time i add a new client certificate

2014-05-02 Thread Aripaka, Krishna
Hi, 1. We are using Tomcat 7.0.39 in our application. 2. We have implemented Two Way SSL authentication using java keytool 3. Issue is, when we create a new client certificate and add it to Java Keystore(.jks), we are unable to authenticate unless we restart the Tomcat. So, every time we add a

Re: If i configured client certificate at my browser unable to access my web app (Apace Tomcat 7.0.42/CentOs)

2013-09-04 Thread Christopher Schultz
or both purposes? (I would recommend separate CAs for each). > in step 13. The common name of the client must match a user in > Tomcat's user realm (e.g. an entry in conf/tomcat-users.xml) which I > missed out. Because of this I am unable to access client > certificate? Well, you c

Re: If i configured client certificate at my browser unable to access my web app (Apace Tomcat 7.0.42/CentOs)

2013-09-04 Thread Sushil Prusty
server.xml file. in step 13. The common name of the client must match a user in Tomcat's user realm (e.g. an entry in conf/tomcat-users.xml) which I missed out. Because of this I am unable to access client certificate? On Wed, Sep 4, 2013 at 5:17 PM, Christopher Schultz

Re: If i configured client certificate at my browser unable to access my web app (Apace Tomcat 7.0.42/CentOs)

2013-09-04 Thread Christopher Schultz
> scheme="https" secure="true" sslProtocol="TLS" /> > > Please let me know is there any extra configuration required to do > in server side to validate client certificate? It sounds like you have already configured client certificate validation, bu

If i configured client certificate at my browser unable to access my web app (Apace Tomcat 7.0.42/CentOs)

2013-09-04 Thread Sushil Prusty
Hi All 1) I have configured https to access my web app. Which is working fine. 2) 2nd I have configured client certificate at my browser (Firefox). 3) 3rd it's ask me pop message at client side for selecting a certificate. 4) 4th once I select a certificate and click ok it will throw below exc
