Posted to users@tomcat.apache.org by Christoph Ender <ch...@moondock.org> on 2001/08/28 12:32:06 UTC

Unable to access certificate from Servlet


Hi,

I've now been trying to access the certificate I used to authenticate with
the web server for a long time, but had no success. I've been using the
apache-tomcat cooperation with mod_jk. Apache correctly exports the
certificate in an environment variable, but no attribute is accessible
from the servlet.

I'm using the JDK 1.2.2 on a Linux machine. I've gone through the setup
again and listed every step of the installation:

- Default apache and mod_ssl setup
- Installed Jakarta-Ant 1.3
- Servlet API Class Files 2.2b
- Tomcat 3.2.3
- Built mod_jk from src/native/apache1.3
- Copied mod_jk.so to /usr/libexec
- Let Tomcat create mod_jk.conf-auto
- Copied mod_jk.conf-auto to mod_jk.conf-user
- Uncommented JkExtractSSL and set from Off to On
- Uncommented JkHTTPSIndicator HTTPS
- Uncommented JkSESSIONIndicator SSL_SESSION_ID
- Uncommented JkCIPHERIndicator SSL_CIPHER
- Uncommented JkCERTSIndicator SSL_CLIENT_CERT
- Added "Include <...>/mod.jk.conf-user" to httpd.conf
- Replaced "JkMount /myServlet/servlet/* ajp12"
  with "JkMount /myServlet/servlet/* ajp13"
- Replaced "JkMount /myServlet/*.jsp ajp12"
  with "JkMount /myServlet/*.jsp ajp13"
- In mod_ssl.conf, replaced both "SSLOptions +StdEnvVars"
  with "SSLOptions +StdEnvVars +ExportCertData"
- Added appropriate server.crt, ca.cert, and server.key to apache's ssl.crt
  and ssl.key directories
- Added to server.xml:
  <Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler"
     value="org.apache.tomcat.service.connector.Ajp13ConnectionHandler"/>
    <Parameter name="port" value="8009"/>
  </Connector>
- Uncommented "Include /etc/apache/mod_ssl.conf"
- Added to httpd.conf:
  SSLVerifyClient require
  SSLVerifyDepth 1
  SSLCACertificateFile /etc/apache/ssl.crt/ca.crt


Authentication with Apache works, it asks for my certificate, I choose
the only one I have and get access to the servlet. I'm sure that the AJP13
Connector is used - I disabled AJP12 once for testing. However,
request.getAttribute("javax.servlet.request.X509Certificate") is always
null.

The Servlet is aware that the protection has been secured - request.isSecure()
returns true, request.getScheme() returns "https". However, the list of
attributes provided by the request object is always empty. Some headers
are available, as well as a lot of System Properties, but none lists the
certificate or any information related to it.


Any help on how to access the certificate would be very much appreciated.


Thanks in advance,
Christoph.
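
A diagnostic servlet for the check described in the message above, added here as an example and not part of the original post: it lists every request attribute and reports what, if anything, is stored under javax.servlet.request.X509Certificate. The class name CertDump is hypothetical, and the X509Certificate[] attribute type is assumed from the Servlet 2.2 specification; it needs the servlet API classes on the classpath.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added diagnostic example; CertDump is a hypothetical name.
public class CertDump extends HttpServlet {
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    // Describe whatever the container stored under the certificate attribute.
    // Only identifying fields are reported, never the raw certificate data.
    static String describe(Object attr) {
        if (attr == null) {
            return CERT_ATTR + " is null: no client certificate reached the servlet";
        }
        if (!(attr instanceof X509Certificate[])) {
            // Assumption: the Servlet 2.2 spec mandates X509Certificate[];
            // report anything else instead of failing on a cast.
            return CERT_ATTR + " has unexpected type " + attr.getClass().getName();
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        if (chain.length == 0) {
            return CERT_ATTR + " is an empty chain";
        }
        X509Certificate client = chain[0]; // first entry is the client's own certificate
        return "subject=" + client.getSubjectDN()
             + " issuer=" + client.getIssuerDN()
             + " serial=" + client.getSerialNumber()
             + " notAfter=" + client.getNotAfter();
    }

    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        res.setContentType("text/plain");
        PrintWriter out = res.getWriter();
        out.println("secure=" + req.isSecure() + " scheme=" + req.getScheme());
        // Show what the connector actually forwarded as request attributes.
        Enumeration names = req.getAttributeNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            Object value = req.getAttribute(name);
            out.println("attribute " + name + " -> "
                    + (value == null ? "null" : value.getClass().getName()));
        }
        out.println(describe(req.getAttribute(CERT_ATTR)));
    }
}
```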