Hi

My goal is to set up a web server on Windows 10 that supports TLSv1.3 with 
mutual authentication.

I have had success with Apache on Ubuntu 20.04. I was able to generate the 
server and client x509 leaf certs which Apache validates up the chain of trust 
and actually does refuse the connection if a client cert has been revoked. Very 
nice.

Also, Apache provides these useful environmental variables like REMOTE_ADDR, 
SSL_CLIENT_VERIFY, SSL_CLIENT_S_DN, and SSL_PROTOCOL.

I'm using ProxyPass, ProxyPassReverse as a connector to Tomcat 9.

Unfortunately, these env vars do not get through to Tomcat 9.

For other reasons, related to TPM, I need to get this to work on Windows 10.

So far, my best three options are:

  1.  Use Tomcat 9 standalone and configure TLSv1.3
  2.  Use Tomcat 10 standalone and configure TLSv1.3
  3.  Use Apache2 and Tomcat and find a workaround to get the environmental
      variables to Tomcat

For configuring TLS on Tomcat 9 or 10, a working example would be useful.

Will standalone Tomcat validate certs up the chain of trust and actually 
refuse the connection if a client cert has been revoked?

Please advise.

John Orendt
john.p.ore...@medtronic.com