Hi,

Rafael Rossetto wrote:
> I'm using the JkOptions +ForwardSSLCertChain in httpd.conf. In ssl.conf I also use the SSLVerifyClient require (tried optional and optional_no_ca), so the client certificate validation in Apache seems all right to me. And the SSLOptions is SSLOptions +StdEnvVars +ExportCertData.

Just to make sure, do you use 'JkExtractSSL On' as well (it should be on by default anyway)?

I generally use this:

    JkExtractSSL On
    JkHTTPSIndicator HTTPS
    JkSESSIONIndicator SSL_SESSION_ID
    JkCIPHERIndicator SSL_CIPHER
    JkCERTSIndicator SSL_CLIENT_CERT
    JkEnvVar SSL_CLIENT_CERT SSL_CLIENT_CERT
    JkOptions +ForwardSSLCertChain

and this in the relevant VirtualHost:

    SSLEngine on
    SSLCertificateFile ...
    SSLCertificateKeyFile ...
    SSLCACertificatePath ...
    SSLCARevocationPath ...
    SSLVerifyClient optional
    SSLVerifyDepth 5
    SSLOptions +ExportCertData +StdEnvVars

I get the full chain with this.

Best wishes,

Bruno.
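
Added example (not part of the original e-mail and not Tomcat or mod_jk project code): a diagnostic servlet for the Tomcat side that reports which certificates arrived over AJP, so the forwarding configuration above can be checked. The class name is hypothetical, and the javax.servlet API is assumed.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical diagnostic servlet (the class name is made up for this example).
public class ClientCertChainServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();

        // Standard Servlet API attribute; Tomcat fills it from the certificate
        // data that mod_jk sends over AJP.
        X509Certificate[] chain = (X509Certificate[])
                req.getAttribute("javax.servlet.request.X509Certificate");

        // With "SSLVerifyClient optional" a client may connect without a
        // certificate, so the attribute can be absent.
        if (chain == null || chain.length == 0) {
            resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
            out.println("No client certificate was forwarded.");
            return;
        }

        out.println("Certificates forwarded: " + chain.length);
        for (int i = 0; i < chain.length; i++) {
            out.println(i + " subject: " + chain[i].getSubjectX500Principal().getName());
            out.println(i + " issuer:  " + chain[i].getIssuerX500Principal().getName());
            // Each certificate should be issued by the next one in the array.
            if (i + 1 < chain.length && !chain[i].getIssuerX500Principal()
                    .equals(chain[i + 1].getSubjectX500Principal())) {
                out.println("  WARNING: issuer does not match next subject");
            }
        }
        // This only reports what arrived. Signature, depth and revocation checks
        // remain Apache's job (SSLVerifyClient, SSLVerifyDepth, SSLCARevocationPath).
    }
}
```

If only one certificate is listed for a client whose certificate was issued by an intermediate CA, the chain is not being forwarded.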