On 20/12/2018 04:28, Christopher Schultz wrote:
> James,
>
> On 12/19/18 20:18, James H. H. Lampert wrote:
>> I just had a crazy thought, in connection with a situation in
>> which we're trying to figure out a way to limit web service
>> connections to authorized consumers.
>
>> Here's the situat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
James,
On 12/19/18 20:18, James H. H. Lampert wrote:
> I just had a crazy thought, in connection with a situation in
> which we're trying to figure out a way to limit web service
> connections to authorized consumers.
>
> Here's the situation: we h
On 2 September 2014 18:00, Christopher Schultz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Javier,
>
> On 8/28/14, 3:14 PM, Javier Conti wrote:
> > On 28 August 2014 13:50, Konstantin Kolinko
> > wrote:
> >
> >> 2014-08-28 14:46 GMT+04:00 Javier Conti
> >> :
> >>> Hi all,
> >>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Javier,
On 8/28/14, 3:14 PM, Javier Conti wrote:
> On 28 August 2014 13:50, Konstantin Kolinko
> wrote:
>
>> 2014-08-28 14:46 GMT+04:00 Javier Conti
>> :
>>> Hi all,
>>>
>>> in a Tomcat 7.0.53 container we are running an application
>>> which nee
On 28 August 2014 13:50, Konstantin Kolinko wrote:
> 2014-08-28 14:46 GMT+04:00 Javier Conti:
> > Hi all,
> >
> > in a Tomcat 7.0.53 container we are running an application which needs to
> > use client certificates to connect to other webservices.
> > This is currently done by configuring a key
2014-08-28 14:46 GMT+04:00 Javier Conti:
> Hi all,
>
> in a Tomcat 7.0.53 container we are running an application which needs to
> use client certificates to connect to other webservices.
> This is currently done by configuring a keystore containing keys,
> certificates and CAs for the JVM (via co
I've registered a bug on that, with all needed files to reproduce.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48933
2010/2/25 Albert Tumanov:
> There is a concept of SSL session (Resumed TLS handshake),
I think that will not work anymore, because of CVE-2009-3555
See
http://tomcat.apache.org/security-6.html
Best regards,
Konstantin Kolinko
> Are you keeping an SSL connection for a long time? Or, do you mean that
> if you wait for slightly longer than 1 minute after the last SSL request
> to make another one, the client certificate does not get delivered to
> Tomcat?
The latter one :)
>> 1) go to https://localhost:8443/ssltest, it w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Albert,
On 2/22/2010 7:16 AM, Albert Tumanov wrote:
> I'm chasing a strange problem with Tomcat + SSL + APR + Firefox.
>
> Namely, the setup works perfectly (i.e. the client certificate is sent
> and the servlet application can get it).
> But if I al
On 23/02/2010 09:31, Andrey D wrote:
Hi, Albert.
I do not know how to help you, but you can help me with SSL + Tomcat.
I saw you made a two-sided SSL with default tomcat connector, and I'd like
to ask you about this:
What steps have you done to make it work?
If you can, please help.
Please don
Hi, Albert.
I do not know how to help you, but you can help me with SSL + Tomcat.
I saw you made a two-sided SSL with default tomcat connector, and I'd like
to ask you about this:
What steps have you done to make it work?
If you can, please help.
Thanks..
On Mon, Feb 22, 2010 at 2:16 PM, Albert
"Christopher Schultz" wrote in message
news:4b070643.1070...@christopherschultz.net...
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Rainer,
>
> On 11/20/2009 1:09 PM, Rainer Jung wrote:
>> On 20.11.2009 17:20, Christopher Schultz wrote:
>>> I'm having trouble getting a client certificat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 4:12 PM, Christopher Schultz wrote:
> Rainer,
>
> On 11/20/2009 1:09 PM, Rainer Jung wrote:
>> On 20.11.2009 17:20, Christopher Schultz wrote:
>>> I'm having trouble getting a client certificate chain sent to Tomcat via
>>> mod_
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 1:09 PM, Rainer Jung wrote:
> On 20.11.2009 17:20, Christopher Schultz wrote:
>> I'm having trouble getting a client certificate chain sent to Tomcat via
>> mod_jk. Apache httpd 2.2.9, mod_jk 1.2.28, Tomcat 5.5.27.
>
> Off by on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 1:51 PM, Rainer Jung wrote:
> OpenSSL Code looks like only returning the chain provided by the client,
> and the client should not provide the root.
Ok.
> At the moment I see no way of getting the root CA which verified the
> c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 12:39 PM, Rainer Jung wrote:
> On 20.11.2009 18:08, Christopher Schultz wrote:
>> Rainer,
>>
>> On 11/20/2009 11:51 AM, Rainer Jung wrote:
>>> On 20.11.2009 17:20, Christopher Schultz wrote:
If you continue reading, you can
Since certs are public anyhow (not keys), here's the decoding done by
openssl -x509 -in ... -text:
On 20.11.2009 18:49, Rainer Jung wrote:
> The following line from your mod_jk log really shows what is being
> forwarded as an attribute to Tomcat. This is logged after retrieving the
> data from Apac
On 20.11.2009 18:44, Rainer Jung wrote:
>> SSLEngine On
>> SSLCertificateFile ...
>> SSLCertificateKeyFile ...
>>
>> SSLOptions +ExportCertData
>> JkOptions +ForwardSSLCertChain
>>
>> JkMount /cschultz-chadis/*.jsp worker21
>> JkLogLevel debug
On 20.11.2009 17:20, Christopher Schultz wrote:
> I'm having trouble getting a client certificate chain sent to Tomcat via
> mod_jk. Apache httpd 2.2.9, mod_jk 1.2.28, Tomcat 5.5.27.
Off by one?
https://issues.apache.org/bugzilla/show_bug.cgi?id=39637
indicates you'll need 5.5.28 ...
HTH!
Rain
The following line from your mod_jk log really shows what is being
forwarded as an attribute to Tomcat. This is logged after retrieving the
data from Apache but before sending it over the wire. At least we know
we got the data from Apache and because it is three and not four certs
it is likely, that
> SSLEngine On
> SSLCertificateFile ...
> SSLCertificateKeyFile ...
>
> SSLOptions +ExportCertData
> JkOptions +ForwardSSLCertChain
>
> JkMount /cschultz-chadis/*.jsp worker21
> JkLogLevel debug
>
> # chain.crt contains all 3 certif
On 20.11.2009 18:08, Christopher Schultz wrote:
> Rainer,
>
> On 11/20/2009 11:51 AM, Rainer Jung wrote:
>> On 20.11.2009 17:20, Christopher Schultz wrote:
>>> If you continue reading, you can see that mod_jk sends at least part of
>>> the first certificate. I seem to recall that mod_jk in debug m
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 11:51 AM, Rainer Jung wrote:
> On 20.11.2009 17:20, Christopher Schultz wrote:
>> If you continue reading, you can see that mod_jk sends at least part of
>> the first certificate. I seem to recall that mod_jk in debug mode only
>
On 20.11.2009 17:20, Christopher Schultz wrote:
> If you continue reading, you can see that mod_jk sends at least part of
> the first certificate. I seem to recall that mod_jk in debug mode only
> logs part of the request, so it's possible that more information is
> being sent than is being logged,
[EMAIL PROTECTED] wrote:
> The web.xml is configured in the following way to allow "all
> authenticated" user to do stuff. (To my knowledge the * means all
> authenticated users, in my case users belonging to role1)
The "*" role does not mean all authenticated users. It means all users
with one or
A trusted certificate is one signed by a CA. You might need to be
storing the entire certificate chain?
Jack...
On 16/05/06, Srikanth Madarapu <[EMAIL PROTECTED]> wrote:
I am sorry, I forgot to mention the error message. The error I get is
java.rmi.RemoteException: ; nested exception is:
H
I am sorry, I forgot to mention the error message. The error I get is
java.rmi.RemoteException: ; nested exception is:
HTTP transport error: javax.xml.soap.SOAPException:
java.security.PrivilegedActionException: javax.xml.soap.SOAPException:
Message send failed: sun.security.validator.Valid
10:30 PM
To: users@tomcat.apache.org
Subject: Re: Client Certificate Authentication Failure
Tomcat is getting the cert fine (otherwise you'd get a different response
message). The problem is that it can't find a user to go with the
certificate.
This means that you've got a pr
Tomcat is getting the cert fine (otherwise you'd get a different response
message). The problem is that it can't find a user to go with the
certificate.
This means that you've got a problem with your Realm configuration.
Unfortunately, out of the Realms that ship with Tomcat, only MemoryRealm a
As a follow-up, the CAs are in the jre/.../cacerts store as well as
being in the .truststore
Rick
-Original Message-
From: Steinberger, Richard [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 03, 2005 12:06 PM
To: users@tomcat.apache.org
Subject: Client Certificate Authentication Fail