You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Diego Manilla Suárez <di...@xeridia.com> on 2009/06/02 11:35:47 UTC
Problems retrieving client certificates with mod_jk
Hi. I'm using client certificates in certain parts of my webapp. When I
was using mod_proxy_ajp I could retrieve the client certificates from a
request attribute:
request.getAttribute("javax.servlet.request.X509Certificate");
But now I've switched to mod_jk and I always get null. This is my
current config in Apache 2.2:
######################
LoadModule jk_module modules/mod_jk.so
JkWorkersFile workers.properties
JkShmFile logs/mod_jk.shm
JkLogFile logs/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardSSLCertChain
<VirtualHost _default_:8443>
JkMount /WSindex worker1
JkMount /WSindex/* worker1
SSLVerifyClient require
SSLVerifyDepth 10
# More irrelevant SSL configuration...
</VirtualHost>
######################
In Tomcat 5.5.26:
######################
<Connector port="8009" enableLookups="false" protocol="AJP/1.3"
URIEncoding="UTF-8" connectionTimeout="600000" />
######################
workers.properties:
######################
worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker1.connection_pool_timeout=600
worker.worker1.socket_timeout=60
worker.worker1.socket_keepalive=1
######################
Any idea?
Thanks in advance.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problems retrieving client certificates with mod_jk
Posted by Diego Manilla Suárez <di...@xeridia.com>.
OK, problem solved. I added
SSLOptions +ExportCertData
and now it's working again.
Regards,
Diego
Diego Manilla Suárez escribió:
> Hi. I'm using client certificates in certain parts of my webapp. When
> I was using mod_proxy_ajp I could retrieve the client certificates
> from a request attribute:
>
> request.getAttribute("javax.servlet.request.X509Certificate");
>
> But now I've switched to mod_jk and I always get null. This is my
> current config in Apache 2.2:
>
> ######################
> LoadModule jk_module modules/mod_jk.so
> JkWorkersFile workers.properties
> JkShmFile logs/mod_jk.shm
> JkLogFile logs/mod_jk.log
> JkLogLevel info
> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
> JkOptions +ForwardSSLCertChain
>
> <VirtualHost _default_:8443>
> JkMount /WSindex worker1
> JkMount /WSindex/* worker1
> SSLVerifyClient require
> SSLVerifyDepth 10
> # More irrelevant SSL configuration...
> </VirtualHost>
> ######################
>
> In Tomcat 5.5.26:
>
> ######################
> <Connector port="8009" enableLookups="false" protocol="AJP/1.3"
> URIEncoding="UTF-8" connectionTimeout="600000" />
> ######################
>
> workers.properties:
>
> ######################
> worker.list=worker1
> worker.worker1.type=ajp13
> worker.worker1.host=localhost
> worker.worker1.port=8009
> worker.worker1.connection_pool_timeout=600
> worker.worker1.socket_timeout=60
> worker.worker1.socket_keepalive=1
> ######################
>
> Any idea?
>
> Thanks in advance.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
****
****
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org