You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by Alex <de...@gmail.com> on 2010/03/22 13:41:52 UTC

client certificate authentication

Hi,

I have setup a apach2 http server with

SSLVerifyClient require
SSLVerifyDepth 2
SSLOptions +ExportCertData +StdEnvVars

the apache2 is linked via ajp-connector to the tomcat 6.0.24 container.

when I want to get the hole certificate chain with

certs = (X509Certificate[]) 
servletRequest.getAttribute("javax.servlet.request.X509Certificate");

I always get only one certificate the client certificate.

My Question: Is there a possibility to get the hole certificate chain?

Thank you, Alex




---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
For additional commands, e-mail: java-user-help@axis.apache.org

RE: client certificate authentication

Posted by Martin Gainty <mg...@hotmail.com>.

Good Evening Alex

you can fetch the certiciate chain from the keystore's FileInputStream e.g.
   // instantiate a KeyStore with type JKS
    KeyStore ks = KeyStore.getInstance("JKS");
    // load the contents of the KeyStore
    ks.load(new FileInputStream("./keystore"),
    	"password".toCharArray());
    // fetch certificate chain stored with alias "sean"
    Certificate[] certArray = ks.getCertificateChain("sean")http://java.sun.com/javase/6/docs/technotes/guides/security/certpath/CertPathProgGuide.html#PKIXClasses
Martin Gainty 
______________________________________________ 
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
 
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.




> Date: Mon, 22 Mar 2010 13:41:52 +0100
> From: devnsl01@gmail.com
> To: java-user@axis.apache.org
> Subject: client certificate authentication
> 
> Hi,
> 
> I have setup a apach2 http server with
> 
> SSLVerifyClient require
> SSLVerifyDepth 2
> SSLOptions +ExportCertData +StdEnvVars
> 
> the apache2 is linked via ajp-connector to the tomcat 6.0.24 container.
> 
> when I want to get the hole certificate chain with
> 
> certs = (X509Certificate[]) 
> servletRequest.getAttribute("javax.servlet.request.X509Certificate");
> 
> I always get only one certificate the client certificate.
> 
> My Question: Is there a possibility to get the hole certificate chain?
> 
> Thank you, Alex
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
> For additional commands, e-mail: java-user-help@axis.apache.org
> 
 		 	   		  
_________________________________________________________________
Hotmail: Trusted email with powerful SPAM protection.
http://clk.atdmt.com/GBL/go/210850553/direct/01/

Re: client certificate authentication

Posted by Andreas Veithen <an...@gmail.com>.

Alex,

This is probably a question that should be asked on the Tomcat mailing list.

Andreas

On Mon, Mar 22, 2010 at 13:41, Alex <de...@gmail.com> wrote:
> Hi,
>
> I have setup a apach2 http server with
>
> SSLVerifyClient require
> SSLVerifyDepth 2
> SSLOptions +ExportCertData +StdEnvVars
>
> the apache2 is linked via ajp-connector to the tomcat 6.0.24 container.
>
> when I want to get the hole certificate chain with
>
> certs = (X509Certificate[])
> servletRequest.getAttribute("javax.servlet.request.X509Certificate");
>
> I always get only one certificate the client certificate.
>
> My Question: Is there a possibility to get the hole certificate chain?
>
> Thank you, Alex
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
> For additional commands, e-mail: java-user-help@axis.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
For additional commands, e-mail: java-user-help@axis.apache.org