Actually, Tomcat can't validate your client cert with either mod_jk or 
mod_proxy_ajp for the simple reason that the AJP/1.3 protocol only forwards 
the client cert and not the entire chain.  You have to configure certificate 
validation in Httpd.

"Florian Rock" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Hi,
> tomcat doesn't validate my client certificate when using mod_proxy_ajp:
> my config:
>
>    SSLEngine on
>    SSLCertificateFile /somepath/somecert.crt
>    SSLCertificateKeyFile /somepath/somecert.key
>    SSLVerifyClient optional_no_ca
>    SSLVerifyDepth 0
>    SSLOptions +StdEnvVars +ExportCertData
>
> SSLProxyEngine on
> SSLProxyVerify optional_no_ca
> SSLProxyVerifyDepth 0
> <Location /f00>
>    ProxyPass ajp://127.0.0.1:8009/f00
> </Location>
>
> the certificate is forwarded to my application but tomcat doesn't verify
> it with its truststore.
>
> on mod_jk it works without problems:
> same ssl config and the default JkOptions:
> JkExtractSSL On
> JkHTTPSIndicator HTTPS
> JkSESSIONIndicator SSL_SESSION_ID
> JkCIPHERIndicator SSL_CIPHER
> JkCERTSIndicator SSL_CLIENT_CERT
>
> Does someone know what is wrong?
>
> thanks for help
>
> Florian
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
> 
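
Added example, not part of the original thread: a sketch of the httpd side doing the client-certificate validation itself, as the reply recommends, in place of the `optional_no_ca` setting from the quoted config. The CA bundle path and the verify depth are assumptions; the other paths and the `/f00` location are taken from the quoted message.

```apache
# Front-end TLS virtual host: httpd terminates TLS and validates the
# client certificate before anything is forwarded over AJP.
SSLEngine on
SSLCertificateFile    /somepath/somecert.crt
SSLCertificateKeyFile /somepath/somecert.key

# Quoted config used "SSLVerifyClient optional_no_ca", which lets the
# handshake succeed with a certificate that was never checked against
# any CA. With AJP forwarding only the leaf certificate, nothing behind
# httpd can make up for that.
#
# Hardened form: a certificate is mandatory and must chain to a CA that
# httpd trusts.
SSLVerifyClient      require
# Assumed path: PEM bundle of the CA(s) that issue your client certs.
SSLCACertificateFile /somepath/client-ca.crt
# Assumed value: set to the number of CA levels between the client
# certificate and the trusted root in your PKI.
SSLVerifyDepth       2

# Still export the verified certificate so the application behind
# Tomcat can read the subject for authorization decisions.
SSLOptions +StdEnvVars +ExportCertData

<Location /f00>
    # AJP is not TLS, so the SSLProxy* directives in the quoted config
    # have no effect on this hop. Tomcat accepts what httpd forwards
    # as-is, so keep the AJP connector reachable only from httpd
    # (loopback here, as in the original config).
    ProxyPass ajp://127.0.0.1:8009/f00
</Location>
```

After a reload, a request without a certificate, or with one that does not chain to the configured CA, fails at the TLS handshake in httpd and never reaches Tomcat.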



