ok, I checked my mod_jk config again and you are right: it doesn't work.
thanks for your reply,
florian

Bill Barker wrote:
> Actually, Tomcat can't validate your client cert with either mod_jk or
> mod_proxy_ajp for the simple reason that the AJP/1.3 protocol only forwards
> the client cert and not the entire chain. You have to configure certificate
> validation in Httpd.
>
> "Florian Rock" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>
>> Hi,
>> tomcat doesn't validate my client certificate when using mod_proxy_ajp:
>> my config:
>>
>> SSLEngine on
>> SSLCertificateFile /somepath/somecert.crt
>> SSLCertificateKeyFile /somepath/somecert.key
>> SSLVerifyClient optional_no_ca
>> SSLVerifyDepth 0
>> SSLOptions +StdEnvVars +ExportCertData
>>
>> SSLProxyEngine on
>> SSLProxyVerify optional_no_ca
>> SSLProxyVerifyDepth 0
>> <Location /f00>
>> ProxyPass ajp://127.0.0.1:8009/f00
>> </Location>
>>
>> the certificate is forwarded to my application but tomcat doesn't verify
>> it with its truststore.
>>
>> on mod_jk it works without problems:
>> same ssl config and the default JkOptions:
>> JkExtractSSL On
>> JkHTTPSIndicator HTTPS
>> JkSESSIONIndicator SSL_SESSION_ID
>> JkCIPHERIndicator SSL_CIPHER
>> JkCERTSIndicator SSL_CLIENT_CERT
>>
>> does someone know what is wrong?
>>
>> thanks for help
>>
>> Florian
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
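
Added example, not part of the original thread: the posted httpd config changed so that httpd itself validates the client certificate chain before the request is proxied over AJP, as the reply recommends. The CA bundle path and the depth value are assumptions to adapt.

```apache
# Before (from the thread): httpd requests a client certificate but accepts it
# even when it cannot be verified, so an unvalidated certificate is forwarded
# to Tomcat over AJP.
#   SSLVerifyClient optional_no_ca
#   SSLVerifyDepth 0

# After: httpd rejects the TLS handshake unless the client certificate chains
# to a CA it trusts.
SSLEngine on
SSLCertificateFile    /somepath/somecert.crt
SSLCertificateKeyFile /somepath/somecert.key

# Assumed placeholder path: PEM bundle of the CA(s) that issue client certificates.
SSLCACertificateFile  /somepath/client-ca.crt
SSLVerifyClient require
# Assumed value: 1 (httpd's default) means the client certificate must be signed
# by a CA directly present in the bundle; raise it if intermediate CAs are used.
SSLVerifyDepth 1

# Still export the (now verified) certificate so it is forwarded to the application.
SSLOptions +StdEnvVars +ExportCertData

# The SSLProxy* directives from the original config are left out: they control
# TLS on connections httpd makes to https:// backends and have no effect on an
# ajp:// backend.
<Location /f00>
    ProxyPass ajp://127.0.0.1:8009/f00
</Location>
```

With this in place the trust decision is made in httpd, so the AJP connector should only be reachable from httpd (here it is bound to 127.0.0.1).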