Thanks Burghard.  That's a start, provides a little understanding.
Seems to be more about securing httpd<->Tomcat than client<->Tomcat, but I'm 
sure the concept is the same.
That page does seem to be about the Java-based standard connector, and I'm 
using the APR connector, which is a bit different in configuration.  I did 
notice that I probably need to read the OpenSSL docs a bit more also.

Is there anyone who's implemented true-client SSL auth over APR that would be 
willing to share hints/tips on how they handled certificate distributions, 
etc.? 

> -----Original Message-----
> From: burghard.britzke [mailto:b...@charmides.in-berlin.de]
> Sent: Thursday, July 12, 2012 1:11 AM
> To: Tomcat Users List
> Subject: Re: Client Authentication using SSL
> 
> Maybe that article helps:
> http://www.tomcatexpert.com/blog/2012/07/10/enabling-ssl-communication-and-client-certificate-authentication-between-apache-web-
> 
> burghard.
> 
> On 12.07.2012 at 01:25, Jeffrey Janner wrote:
> 
> > Reposting to the list, as that's the way....
> >
> > Esmond,
> > We already implement your solution, with the exception of the SSL
> > Client Certificate.
> > That is what I was aiming for.
> > Thanks for the pointer to AuthenticRoast.  We'll give it a look.
> > I've also seen something in the Apache tools called TripleSec which
> > looks interesting.  But really just looking for some additional info on
> > how the client SSL stuff really works.
> > Jeff
> >
> >> -----Original Message-----
> >> From: Esmond Pitt [mailto:esmond.p...@bigpond.com]
> >> Sent: Wednesday, July 11, 2012 5:58 PM
> >> To: Jeffrey Janner
> >> Subject: RE: Client Authentication using SSL
> >>
> >> Jeffrey
> >>
> >> 'Two-factor authentication' isn't supported by Tomcat natively. Have
> >> a look for a package in Google Code called AuthenticRoast. I
> >> contributed a JAAS layer to it myself. I am using it for a scenario
> >> where I have these
> >> 'factors':
> >>
> >> - SSL client certificate
> >> - 'ticket' (a UID in the URL, e.g. for password resets)
> >> - form
> >>
> >>
> >> EJP
> >>
> >> -----Original Message-----
> >> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
> >> Sent: Thursday, 12 July 2012 3:15 AM
> >> To: 'Tomcat Users List'
> >> Subject: RE: Client Authentication using SSL
> >>
> >>> -----Original Message-----
> >>> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
> >>> Sent: Wednesday, July 11, 2012 11:36 AM
> >>> To: 'Tomcat Users List'
> >>> Subject: Client Authentication using SSL
> >>>
> >>> Looking into implementing two-factor Auth for Tomcat with first
> >>> factor being our current userid/password form.
> >>> I figured that the second factor could be Client Authentication
> >>> using SSL, as it seems readily available in Tomcat.
> >>> Aside from the wonderful Tomcat documentation on configuring the
> >>> <connector> element, does anyone else have any suggested reading on
> >>> the subject?
> >>> Any gotchas I should look for?
> >>>
> >>> Jeffrey Janner
> >>>
> >>
> >>
> >> Forgot to mention that I'd be running under APR/native.
> >>
> >>
> >> Confidentiality Notice:  This Transmission (including any
> >> attachments) may contain information that is privileged,
> >> confidential, and exempt from disclosure under applicable law.  If
> >> the reader of this message is not the intended recipient you are
> >> hereby notified that any dissemination, distribution, or copying of
> >> this communication is strictly prohibited.
> >>
> >> If you have received this transmission in error, please immediately
> >> reply to the sender or telephone (512) 343-9100 and delete this
> >> transmission from your system.
> >>
> >>
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> 
> 
> 
