Hi
I have followed all the instructions on this discussion, and I'm still
getting the error:
HTTP Status 400 - No client certificate chain in this request
Does the user cert that I'm using need to be "trusted" by cert of tomcat server?
I'm using Apache Tomcat/5.5.15, on Win Xp Pro SP2
I have g
Markus wrote:
> Ok, I just submitted the bugs #38553 and #38555 for both issues. If
> you need more information, please let me know via bugzilla.
5.5.x CLIENT-CERT should work with all realms. 5.0.x - don't hold your
breath.
Mark
-
Ok, I just submitted the bugs #38553 and #38555 for both issues. If
you need more information, please let me know via bugzilla.
Markus wrote:
> Mark:
> Thank you for your link to the archive. It was my fault using the
> UserDatabase realm
> instead of the MemoryRealm. I'm using tomcat 5.0.28 - is it still the
> case in 5.5.x
> that you MUST use the MemoryRealm for clientcert authentication?
All realms should work with CLI
Mark:
Thank you for your link to the archive. It was my fault using the
UserDatabase realm
instead of the MemoryRealm. I'm using tomcat 5.0.28 - is it still the
case in 5.5.x
that you MUST use the MemoryRealm for clientcert authentication?
Anyway, there is still an issue when trying to access a r
Markus wrote:
>Ok, when I set clientAuth to "want" the "Exception getting SSL Cert"
>goes away. (Wtf is this documented?).
>
Yes it is documented:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
Section 'Edit the Tomcat Configuration File'
> But I still get the 403 - Access
>denied erro
Markus wrote:
> Ok, when I set clientAuth to "want" the "Exception getting SSL Cert"
> goes away. (Wtf is this documented?). But I still get the 403 - Access
> denied error.
If you specify a user-data-constraint, you don't need to specify
clientAuth in the connector.
> As username I used exactly t
Ok, when I set clientAuth to "want" the "Exception getting SSL Cert"
goes away. (Wtf is this documented?). But I still get the 403 - Access
denied error.
Here is how I added the users certificate to my realm:
web.xml:
/html/*
Markus wrote:
> Setting clientAuth to true / false in the Connector configuration
> works fine, but how do I configure client authentication on a
> per-directory or even per-servlet basis?
> And here are the results I get:
>
> https://domain/anypage : OK
> https://domain/html/anypage : HTTP Stat
Hi
Yes, it is possible. From connector configuration doc:
clientAuth:
Set this value to true if you want Tomcat to require all SSL clients to
present a client Certificate in order to use this socket.
Set this value to want if you want Tomcat to request a client Certificate,
but not fail if
Creating client certs is no problem, I already had client
authentication working on the Connector-Level.
Nick:
In other words: it is NOT possible in tomcat to have a webapp with
BOTH, a private part with ssl AND client authentication and a public
part with ssl but WITHOUT client authentication?
T
: Wednesday, February 01, 2006 9:22 AM
To: Tomcat Users List
Subject: Re: Tomcat and client certificates
Setting clientAuth to true / false in the Connector configuration
works fine, but how do I configure client authentication on a
per-directory or even per-servlet basis?
This is my current configuration
Setting clientAuth to true / false in the Connector configuration
works fine, but how do I configure client authentication on a
per-directory or even per-servlet basis?
This is my current configuration:
In server.xml:
In web.xml:
/html/*
Tom Bednarz wrote:
> Is it possible to run on the same container (instance of Tomcat) web
> applications that DO require certificates and other applications that do
> NOT require certificates?
Just specify
CLIENT-CERT
in web.xml. Assuming of course that you have a security constraint
tha
> From: Tom Bednarz [mailto:[EMAIL PROTECTED]
> Subject: Tomcat and client certificates
>
> If that is not possible, I need two servers, each running
> an instance of Tomcat with different server.xml settings.
I haven't tried it, but I would think all you need is two sets of
tags, not two comp