Josué Alcalde González <[EMAIL PROTECTED]> wrote:
Hello.

I would like to get some advice about a new application I am developing.

It needs SSL with client certificate and it will be written in java and
deployed in Tomcat 6 with java 6.

The server will be shared with other applications in java, php and
perhaps other.

Now, it is an Ubuntu 6.06 server with an Apache 2.0 installation, a Tomcat
6.0 and a mod_jk 1.2.14.

There are some applications written in PHP and a Java application. The
Java application is served by Apache using mod_jk. It uses SSL but it
doesn't need client certificate. SSL is only configured in Apache.
Tomcat 6 uses normal connections (8080, 8009) which are closed.

This works perfectly but my next application will need client auth using
a X509Certificate and I need a way to get it in my Servlets.

I have read some documentation in Google and I have tried it.

First, I configured a Virtual Host with Apache

---------------------------------------------------------
<VirtualHost *:443>
        ServerAdmin [EMAIL PROTECTED]
        ServerSignature On

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/apache.pem
        SSLVerifyClient optional_no_ca

        JkExtractSSL On
        JkMount /ovt ajp13_worker
        JkMount /ovt/* ajp13_worker
</VirtualHost>
---------------------------------------------------------

Then, I made a Servlet to try it:

-----------------------------------------------------------
// Display the cipher suite in use
String cipherSuite =
    (String) request.getAttribute("javax.net.ssl.cipher_suite");
out.println("Cipher Suite: " + cipherSuite);

// Display the client's certificates, if there are any
if (cipherSuite != null) {
  X509Certificate certChain[] =
      (X509Certificate[]) request.getAttribute("javax.net.ssl.peer_certificates");
  if (certChain != null) {
    for (int i = 0; i < certChain.length; i++) {
      out.println("Client Certificate [" + i + "] = " + certChain[i].toString());
    }
  }
}
-----------------------------------------------------------

And it didn't work. CipherSuite is always null.

I haven't configured anything in tomcat. As I have read, it should work
but it is obvious I am missing something.

I would like to manage SSL with Apache better than using java keystores,
if it is possible.
Also, I would like to have an application which does not need apache to
work and which works perfectly in tomcat standalone.


--
_______________________________________________
Josué Alcalde González
[EMAIL PROTECTED]
Dpto. Desarrollo

CSA - Centro Regional de Servicios Avanzados
C/ López Bravo, 1
Pol. Ind. Villalonquéjar (Burgos)

Tel. (+34) 947 256 250
Fax. (+34) 947 256 583

Web: http://www.csa.es



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


Never used Apache in that way, but I am using SSL in Tomcat on port 8443. I
have a redirect port set up in the config section for port 8080, which points to
8443 (SSL), and the application runs on that port, secured. About X509 I have no
idea. In case you are not bound to use X509, you can use SSL out of the box with
Tomcat. You need to generate the certificate, set the redirect port (so that a
hit to your application goes to 8443 and not 8080; you don't want both), and set
up your application to use SSL (in web.xml). Have a look at the documentation on
Tomcat in the Tomcat docs (section SSL; it is explained there in detail). Hope
this helps.

G
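
An added example, not part of the original messages: the Servlet specification exposes the TLS cipher suite and client certificate chain as the request attributes `javax.servlet.request.cipher_suite` and `javax.servlet.request.X509Certificate`, and because `SSLVerifyClient optional_no_ca` lets Apache accept a certificate it cannot verify against a CA, the web application has to validate the chain itself. The class name `ClientCertCheck`, the contents of the trust store and the disabled revocation check are assumptions of this example.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;

/** Added example: read and validate the client certificate inside the webapp. */
public final class ClientCertCheck {
    // Attribute names defined by the Servlet specification for HTTPS requests.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    static final String CIPHER_ATTR = "javax.servlet.request.cipher_suite";

    // Assumption: contains only the CA certificate(s) allowed to issue client certs.
    private final KeyStore trustedCas;

    public ClientCertCheck(KeyStore trustedCas) {
        this.trustedCas = trustedCas;
    }

    /** Returns the validated leaf certificate, or null if the client sent none. */
    public X509Certificate authenticate(HttpServletRequest request)
            throws GeneralSecurityException {
        X509Certificate[] chain = (X509Certificate[]) request.getAttribute(CERT_ATTR);
        if (chain == null || chain.length == 0) {
            return null; // verification is optional, so a request may carry no certificate
        }
        // With optional_no_ca the front end has not checked the issuer, so do it here.
        // Assumption: the chain as forwarded leads to a CA present in trustedCas.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        CertPath path = cf.generateCertPath(Arrays.asList(chain));
        PKIXParameters params = new PKIXParameters(trustedCas);
        params.setRevocationEnabled(false); // assumption: no CRL/OCSP source is configured
        // Throws CertPathValidatorException for an untrusted, expired or malformed chain.
        CertPathValidator.getInstance("PKIX").validate(path, params);
        return chain[0]; // the leaf (client) certificate is first in the array
    }
}
```

The certificate reaches Tomcat as data forwarded over AJP, so it is only as trustworthy as the restriction on who can connect to port 8009.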
