Re: Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-30 Thread Timothy Resh
I have changed my original configuration to include the *keystoreFile* and the *truststoreFile* within the connector. This allows client authentication to occur correctly even though it was already defined via the *SSLCACertificateFile* and the *SSLCACertificatePath* keys in the connector. Mark, yo

Re: Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-29 Thread Mark Thomas
On 28/01/2025 17:16, Timothy Resh wrote: Chris and Mark, The following properties are set via Introspection and are used by a SOAP call in a hosted Java web app. System.setProperty("javax.net.ssl.keyStore", keyStorePath); System.setProperty("javax.net.ssl.keyStorePassword", clearText); System.s

Re: Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-28 Thread Timothy Resh
Chris and Mark, The following properties are set via Introspection and are used by a SOAP call in a hosted Java web app. > System.setProperty("javax.net.ssl.keyStore", keyStorePath); > System.setProperty("javax.net.ssl.keyStorePassword", clearText); > System.setProperty("javax.net.ssl.trustStore",

Re: Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-24 Thread Christopher Schultz
Jon, On 1/23/25 1:17 PM, Mcalexander, Jon J. wrote: From: Christopher Schultz Sent: Wednesday, January 22, 2025 11:19 AM To: users@tomcat.apache.org Subject: Re: Openssl Connector configuration for Dynamic Client Authorization does not work. > There is also Vault for Tomcat[2], which I h

RE: Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-23 Thread Mcalexander, Jon J.
Christopher, From: Christopher Schultz Sent: Wednesday, January 22, 2025 11:19 AM To: users@tomcat.apache.org Subject: Re: Openssl Connector configuration for Dynamic Client Authorization does not work. Thomas, On 1/21/25 2:08 PM, Timothy Resh wrote: > In the old configuration we were a

Re: Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-22 Thread Christopher Schultz
Thomas, On 1/21/25 2:08 PM, Timothy Resh wrote: In the old configuration we were able to hide the password using the following parameter in the config SSLPassword="${KSENC(6qXemkaMkIOCflnMN4pErQ==; C:\\Certificate\Keystore\Tomcat SAMM Vessel.p12)}" We then used this org.apache.tomcat.util.dige

Re: [OT] Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-22 Thread Christopher Schultz
Mark, On 1/22/25 10:04 AM, Mark Thomas wrote: On 21/01/2025 19:08, Timothy Resh wrote: Good afternoon, If I use this configuration, then the prompts for the client auth work, where the intermediate.p12 file has all the intermediates from DOD ID CAx imported. I do not see where the caCertificat

Re: Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-22 Thread Mark Thomas
On 21/01/2025 19:08, Timothy Resh wrote: Good afternoon, If I use this configuration, then the prompts for the client auth work, where the intermediate.p12 file has all the intermediates from DOD ID CAx imported. I do not see where the caCertificatePath can be used in this configuration. OK.

Re: Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-21 Thread Timothy Resh
Good afternoon, If I use this configuration, then the prompts for the client auth work, where the intermediate.p12 file has all the intermediates from DOD ID CAx imported. I do not see where the caCertificatePath can be used in this configuration. In the old configuration we were able to hid

Re: Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-15 Thread Christopher Schultz
Timothy, On 1/14/25 4:58 PM, Timothy Resh wrote: What do you mean when you say "dynamic client auth"? > Dynamic in so far as you drop an intermediate ca and hash link into a directory, to allow tomcat to recognise the new client. Ex.. DOD CAC cards. I believe you indicated using the caCertifi

Re: Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-14 Thread Timothy Resh
What do you mean when you say "dynamic client auth"? Dynamic in so far as you drop an intermediate ca and hash link into a directory, to allow tomcat to recognise the new client. Ex.. DOD CAC cards. I believe you indicated using the caCertificatePath or caCertificateFile for this. I'm trying to c

Re: Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-13 Thread Christopher Schultz
Timothy, On 1/13/25 9:58 AM, Timothy Resh wrote: This system and configuration I inherited and was told it works and it should have been working in earlier Tomcat versions like 8. We have hundreds of installations so having a Dynamic client auth is paramount. What do you mean when you say "dyn

Re: Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-13 Thread Timothy Resh
Thank you for your reply. This system and configuration I inherited and was told it works and it should have been working in earlier Tomcat versions like 8. We have hundreds of installations so having a Dynamic client auth is paramount. I have tried several versions of Tomcat 9.079 to 9.089 and

Re: Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-10 Thread logo
Timothy > On 09.01.2025 at 17:15, Timothy Resh wrote: > > The following is a configuration that we have used to set up the Client > Authorization to work in Tomcat. We use introspection > the IntrospectionUtils.PropertySource to decipher the password and set the > following environment variable

Openssl Connector configuration for Dynamic Client Authorization does not work.

2025-01-09 Thread Timothy Resh
The following is a configuration that we have used to set up the Client Authorization to work in Tomcat. We use introspection the IntrospectionUtils.PropertySource to decipher the password and set the following environment variables System.setProperty("javax.net.ssl.keyStore", keyStorePath);