You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by ni...@accenture.com on 2004/03/09 17:14:38 UTC
[users@httpd] Mod_jk and ssl
I try to forward a user certificate to tomcat from an apache mod_jk,
Does mod_ssl need to be on the same server than mod_ssl?
It seems to be the case : here is what i tried to do :
apache mod_jk gets the client certificate from an environment variable set by a SetEnv directive instead of mod_ssl,
When i try to access the client certificate ((X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");), i get a null pointer Exception
Here is my httpd.conf file :
SetEnv SSL_CLIENT_CERT "-----BEGIN CERTIFICATE-----\nMIICqTCCAhICAQIwDQYJKoZIhvcNAQEEBQAwgbAxCzAJBgNVBAYTAkZSMQwwCgYD\nVQQIEwNJREYxDjAMBgNVBAcTBVBhcmlzMSUwIwYDVQQKExxDZXJ0aWZpY2F0aW9u\nIEF1dGhvcml0eSwgSW5jMScwJQYDVQQLEx5DbGllbnQgY2VydGlmaWNhdGlvbiBh\ndXRob3JpdHkxEjAQBgNVBAMTCUNsaWVudCBDQTEfMB0GCSqGSIb3DQEJARYQY2xp\nZW50X2NhQGNhLmNvbTAeFw0wNDAxMjgxMjEwMzBaFw0wNTAxMjcxMjEwMzBaMIGI\nMQswCQYDVQQGEwJGUjERMA8GA1UECBMIQnJldGFnbmUxDzANBgNVBAcTBlJlbm5l\nczEXMBUGA1UEChMOTXkgQ29tcGFueSBMdGQxGDAWBgNVBAMUD0ZyYW7nb2lzIFBp\nZ25vbjEiMCAGCSqGSIb3DQEJARYTZnBpZ25vbkBob3RtYWlsLmNvbTCBnzANBgkq\nhkiG9w0BAQEFAAOBjQAwgYkCgYEAt7wimDsCaynG4LkOqAMmw/IGux4VjnuR854/\nk3uEi9/0JpuIstl/ZapSRbQGXqEVUczgxreV3WzRkKygGL+v11JZKaHERmuclFF3\n5+HnxGFm94OjAP2ruYvu/hSoToZXubABIdGvvTXvdGOebKdeGgGM6WmzWOxFyQ4y\niJTVbwMCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBNAgaR2N1ehIrDv8hpypd4Q9aQ\n0fycSwHPbJbxRCifHw1i28QAOGy8fen7TNhc6haTwUG2TctxyguhxylqnG/qiOvy\nrfwOPF175DIVueM7hE73+x0eflCziL1QDPOEDPSOY5IDIJMpUX+6Haxy6l3N3JQq\nGvheL/tRVr3eYH6yQA==\n-----END CERTIFICATE-----\n"
# Should mod_jk send SSL information to Tomcat (default is On)
JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
#JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
#JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
#JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificated (default is SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org