Posted to users@tomcat.apache.org by Sander Smith <ss...@rogers.com> on 2004/06/01 12:29:18 UTC
SSL Client Authorization
I'm writing an application with SSL that's been working fine, and would
like to enable client authorization. It seemed like the thing to do was go
to my connector (org.apache.coyote.tomcat5.CoyoteConnector) and enable it
there. Lo and behold there is a method (setClientAuth) that seems to do
what I want, but for some strange reason it takes a string as an argument
instead of a boolean. What am I missing here?? How do I enable this?
Sander Smith
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: SSL Client Authorization
Posted by Jim Hopp <ji...@netyourwork.com>.
According to this link
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
possible values are "true", "want", and (I presume) "false".
I use client authentication in (non-embedded) Tomcat, and "true" does
indeed require client authentication.
-Jim
Sander Smith wrote:
> Doug,
>
> Thanks for your help but this isn't what I need. Yes, I want the client
> to present a certificate for validation during the SSL handshake, but
> your solution is not available to me. You suggest putting something in a
> config file, but I'm running Tomcat embedded, so all of the
> configuration is happening programmatically.
>
> I have an org.apache.coyote.tomcat5.CoyoteConnector and I call
> setKeystoreFile(...), setKeyAlias(...), etc. to set up the server side
> SSL, and this is working great. When I want to request a client
> certificate I would expect to call setClientAuth(...) to do this.
> However, I'd expect to pass a boolean into this method, but instead, the
> interface requires a String!!! To make matters worse, there's no
> documentation to say what this string is.
>
> Does anyone know how to do this programmatically??
>
> Sander Smith
>
> At 08:20 AM 6/1/2004 -0400, you wrote:
>
>> Sander,
>>
>> If what you want is to have the client present a certificate for validation,
>> then in your connector have something like
>>
>> clientAuth="true"
>>
>> See
>> http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
>>
>> If you are looking for something different let us know.
>>
>> Doug
>> www.parsonstechnical.com
>>
>>
>>
>> ----- Original Message -----
>> From: "Sander Smith" <ss...@rogers.com>
>> To: <to...@jakarta.apache.org>
>> Sent: Tuesday, June 01, 2004 6:29 AM
>> Subject: SSL Client Authorization
>>
>>
>> > I'm writing an application with SSL that's been working fine, and would
>> > like to enable client authorization. It seemed like the thing to do was go
>> > to my connector (org.apache.coyote.tomcat5.CoyoteConnector) and enable it
>> > there. Lo and behold there is a method (setClientAuth) that seems to do
>> > what I want, but for some strange reason it takes a string as an argument
>> > instead of a boolean. What am I missing here?? How do I enable this?
>> >
>> > Sander Smith
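Added example (not part of the original thread and not Tomcat's own code): the three values named in the reply above line up with the three client-certificate modes that JSSE exposes, which is why a boolean is not enough. The class and method names are hypothetical, and rejecting unknown values is an assumption made here so that a typo cannot silently turn client authentication off.

```java
import java.util.Locale;
import javax.net.ssl.SSLParameters;

// Hypothetical helper: translates a clientAuth-style string into JSSE flags.
public class ClientAuthModes {

    static SSLParameters toSslParameters(String clientAuth) {
        if (clientAuth == null) {
            throw new IllegalArgumentException("clientAuth must be set explicitly");
        }
        SSLParameters params = new SSLParameters();
        switch (clientAuth.trim().toLowerCase(Locale.ROOT)) {
            case "true":
                // Handshake fails unless the client presents a certificate
                // that validates against the server's trust store.
                params.setNeedClientAuth(true);
                break;
            case "want":
                // Certificate is requested but optional: the handshake still
                // succeeds without one, so the application must check for it.
                params.setWantClientAuth(true);
                break;
            case "false":
                // No certificate is requested from the client.
                break;
            default:
                // Fail closed instead of falling back to "no client auth".
                throw new IllegalArgumentException(
                        "unsupported clientAuth value: " + clientAuth);
        }
        return params;
    }

    public static void main(String[] args) {
        for (String value : new String[] {"true", "want", "false"}) {
            SSLParameters p = toSslParameters(value);
            System.out.printf("clientAuth=%-5s need=%b want=%b%n",
                    value, p.getNeedClientAuth(), p.getWantClientAuth());
        }
        try {
            toSslParameters("ture"); // constructed typo, rejected
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```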
Re: SSL Client Authorization
Posted by Sander Smith <ss...@rogers.com>.
Doug,
Thanks for your help but this isn't what I need. Yes, I want the client to
present a certificate for validation during the SSL handshake, but your
solution is not available to me. You suggest putting something in a config
file, but I'm running Tomcat embedded, so all of the configuration is
happening programmatically.
I have an org.apache.coyote.tomcat5.CoyoteConnector and I call
setKeystoreFile(...), setKeyAlias(...), etc. to set up the server side SSL,
and this is working great. When I want to request a client certificate I
would expect to call setClientAuth(...) to do this. However, I'd expect to
pass a boolean into this method, but instead, the interface requires a
String!!! To make matters worse, there's no documentation to say what this
string is.
Does anyone know how to do this programmatically??
Sander Smith
At 08:20 AM 6/1/2004 -0400, you wrote:
>Sander,
>
>If what you want is to have the client present a certificate for validation,
>then in your connector have something like
>
>clientAuth="true"
>
>See
>http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
>
>If you are looking for something different let us know.
>
>Doug
>www.parsonstechnical.com
>
>
>
>----- Original Message -----
>From: "Sander Smith" <ss...@rogers.com>
>To: <to...@jakarta.apache.org>
>Sent: Tuesday, June 01, 2004 6:29 AM
>Subject: SSL Client Authorization
>
>
> > I'm writing an application with SSL that's been working fine, and would
> > like to enable client authorization. It seemed like the thing to do was go
> > to my connector (org.apache.coyote.tomcat5.CoyoteConnector) and enable it
> > there. Lo and behold there is a method (setClientAuth) that seems to do
> > what I want, but for some strange reason it takes a string as an argument
> > instead of a boolean. What am I missing here?? How do I enable this?
> >
> > Sander Smith
Re: SSL Client Authorization
Posted by Parsons Technical Services <pa...@earthlink.net>.
Sander,
If what you want is to have the client present a certificate for validation,
then in your connector have something like
clientAuth="true"
See
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
If you are looking for something different let us know.
Doug
www.parsonstechnical.com
----- Original Message -----
From: "Sander Smith" <ss...@rogers.com>
To: <to...@jakarta.apache.org>
Sent: Tuesday, June 01, 2004 6:29 AM
Subject: SSL Client Authorization
> I'm writing an application with SSL that's been working fine, and would
> like to enable client authorization. It seemed like the thing to do was go
> to my connector (org.apache.coyote.tomcat5.CoyoteConnector) and enable it
> there. Lo and behold there is a method (setClientAuth) that seems to do
> what I want, but for some strange reason it takes a string as an argument
> instead of a boolean. What am I missing here?? How do I enable this?
>
> Sander Smith