You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Joe Savoie <js...@remitpro.com> on 2009/11/05 17:27:58 UTC

SSL certificates

How can I tell if I have my web application set up properly to pass digital certifcates?

I am building a webapp to interface with another companies web application.  As per this companies instructions, I must register my web app, generate the required digital certs, and provide callback methods to my webapp.

I have a web app set up in a Tomcat 5.5 container.  All request for this web app are proxied through an Apache 2 SSL web server which currently proxies for other web services.

An example from the other company has me initialize the SSL provider in my servlets init() function.  Is there any other configuration I must do since this webapp is behind a Apache web server? Should I expect issues supplying a client certificate from my webapp while communicating through the SSL proxy?

I have never set up a web app to handle certificates so this is new to me.



   public void init(ServletConfig config) throws ServletException {
        super.init(config);
      // Set up the SSL properties to find the keystore correctly
      System.setProperty("javax.net.debug", "all");
      System.setProperty("javax.net.ssl.keyStore", "/path/to/my/key/store");
      System.setProperty("javax.net.ssl.keyStorePassword", "password");
      System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");

      // Make sure java is configured to handle HTTPS by adding the
      // appropriate SSL provider to the security manager.
      java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

                . . .

Joe