Hello!
I have 2 way SSL running, and all is well until I try to get the
certificate off of the request...
java.security.cert.X509Certificate[] certs =
(java.security.cert.X509Certificate[])request.getAttribute("java.securit
y.cert.X509Certificate");
isSecure is true.
sslID is provided.
Key length reports 128.
But certs is null even though the client browser has prompted the user
for a certificate, and been provided one.
At this point I have no security constraints, or roles configured, as I
just want to see the cert right now.
So, authType is null as well.
SRV.4.7 makes is sound like the cert should be exposed regardless of
authentication, but is that the case?
Or, is it only exposed after authentication (I really, really hope not)
?
On the client certificate, it is signed by a CA trusted by both the
client and the server.
I feel like my client cert may not be configured correctly, so am
working in that direction, but would appreciate any possible
clarification on this point with the servlet spec.
And, of course, if you know how to fix it, that would help too.
Thanks for any suggestions,
Rick
