The following is a configuration that we have used to set up the Client Authorization to work in Tomcat. We use introspection, the IntrospectionUtils.PropertySource, to decipher the password and set the following environment variables:

    System.setProperty("javax.net.ssl.keyStore", keyStorePath);
    System.setProperty("javax.net.ssl.keyStorePassword", clearText);
    System.setProperty("javax.net.ssl.trustStore", trustStorePath);
    System.setProperty("javax.net.ssl.trustStorePassword", clearText);

and then we use this connector configuration:

    <Connector URIEncoding="UTF-8"
               port="8443"
               address="10.2.110.235"
               maxThreads="300"
               maxConnections="300"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               scheme="https"
               secure="true"
               SSLEnabled="true"
               SSLProtocol="TLSv1.2"
               SSLCipherSuite="-ALL ..... this has all the ciphers"
               SSLPassword="${KSENC(6qXemkaMkIOCflnMN4pErQ==; C:\Certificate\Keystore\Tomcat xxx Vessel.p12)}"
               SSLCertificateChainFile="C:\Certificate\Public Key\WSD-2DNX4M3.xxx.com.cer"
               SSLCertificateFile="C:\Certificate\Public Key\WSD-2DNX4M3.xxx.com.cer"
               SSLCertificateKeyFile="C:\Certificate\Private Key\WSD-2DNX4M3.xxx.com.key"
               SSLVerifyClient="optional"
               SSLCACertificateFile="C:\Certificates\CA\intermediate.ca"
               SSLCACertificatePath="C:\Certificates\CA\" />

The last two settings, SSLCACertificateFile and SSLCACertificatePath, appear to not work. We have a Certificate "DODxxx" intermediate in the SSLCACertificatePath directory and it does not present itself to the client. We have also tried putting it in the SSLCACertificateFile and that does not work either. The only way to get it to work is to put it in the TrustStore/Keystore.

Did this type of configuration work on Tomcat? What changes do you suggest to get this to work with at least an external "intermediate.ca" file with all the "DODxxx" intermediates concatenated in the file?

Regards,
Tnmothy Resh
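
Added example, not part of the original post: a structural check that an external bundle such as intermediate.ca really is a run of concatenated PEM CERTIFICATE blocks, on the assumption that the OpenSSL-based connector reads the CA file as concatenated PEM. The function names are illustrative and the sample blocks are constructed DER stand-ins, not real certificates; the check does not verify signatures, validity dates or chains.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END ([A-Z0-9 ]+)-----", re.S)

def der_total_length(der):
    """Total encoded size of the outer DER SEQUENCE, or None if malformed."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    if der[1] < 0x80:                      # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def inspect_bundle(data):
    """Return (certificate_count, problems) for the raw bytes of a CA bundle."""
    if data[:1] == b"\x30":
        return 0, ["file is binary DER, not PEM text"]
    count, problems = 0, []
    text = data.decode("ascii", errors="replace")
    for i, m in enumerate(PEM_BLOCK.finditer(text), 1):
        begin, body, end = m.groups()
        if begin != end:
            problems.append(f"block {i}: BEGIN {begin} closed by END {end}")
        elif begin != "CERTIFICATE":
            problems.append(f"block {i}: unexpected block type {begin}")
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                problems.append(f"block {i}: invalid base64")
                continue
            if der_total_length(der) == len(der):
                count += 1
            else:
                problems.append(f"block {i}: truncated or padded DER")
    if count == 0 and not problems:
        problems.append("no PEM CERTIFICATE blocks found")
    return count, problems

def pem(label, der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed stand-ins for two intermediates: minimal DER SEQUENCEs, not real certificates.
FAKE_A, FAKE_B = b"\x30\x03\x02\x01\x01", b"\x30\x03\x02\x01\x02"
GOOD_BUNDLE = (pem("CERTIFICATE", FAKE_A) + pem("CERTIFICATE", FAKE_B)).encode()
```

To check a real file, pass its bytes, for example `inspect_bundle(open(path, "rb").read())`, and compare the returned count with the number of intermediates expected in the bundle.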