Jeffrey,

On 7/12/12 9:44 AM, Jeffrey Janner wrote:
> Is there anyone who's implemented true-client SSL auth over APR
> that would be willing to share hints/tips on how they handled
> certificate distributions, etc.?

I wasn't using APR -- though it shouldn't be too terrible to switch
from JSK configuration to openssl; openssl is a *lot* more
straightforward IMO -- and I wasn't actually using CLIENT-AUTH, but I
did some playing-around a few years ago and posted a bunch to the list
about it. Here's one of the threads:
http://markmail.org/thread/vxwwli5nzt4itfr2

You could also look around the archives in the same general time
period (fall 2009) for other semi-related posts by me. I wasn't able
to find a post that said "Here's what I actually got working" though
I'm reasonably certain I actually did do that.

Finally, there is a (relatively) new <Realm> configuration attribute
that you might want to check out if you want to use CLIENT-CERT:
X509UsernameRetrieverClassName

http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html

-chris