Posted to users@tomcat.apache.org by Jean Pierre Urkens <je...@devoteam.com> on 2018/05/31 13:20:02 UTC

How to set up Tomcat as a client (not a server) for mutual SSL

I've a web application deployed under Tomcat-8.5.30 that sends web service
(SOAP) requests (using Axis 1.4 framework) to another web server.

The target server applies mutual SSL and the SSL handshake fails on finding
an appropriate client certificate as requested by the server.

I can't seem to figure out how to tell Tomcat which client certificate to
use when requested to send its client certificate during the handshake.

Any help is appreciated

 


Re: Re: How to set up Tomcat as a client (not a server) for mutual SSL

Posted by "GaoFeng_it@139.com" <Ga...@139.com>.
How to unsubscribe to tomcat



GaoFeng_it@139.com
 
From: Mark Thomas
Date: 2018-05-31 22:19
To: Tomcat Users List
Subject: Re: How to set up Tomcat as a client (not a server) for mutual SSL
On 31/05/18 14:20, Jean Pierre Urkens wrote:
> I've a web application deployed under Tomcat-8.5.30 that sends web service
> (SOAP) requests (using Axis 1.4 framework) to another web server.
> 
> The target server applies mutual SSL and the SSL handshake fails on finding
> an appropriate client certificate as requested by the server.
> 
> I can't seem to figure out how to tell Tomcat which client certificate to
> use when requested to send its client certificate during the handshake.
 
This isn't Tomcat configuration. Tomcat plays no part in the outgoing
connection. You configure the connection for mutual TLS the same way you
would if you were writing a standalone client.
 
Personally, I'd use the API rather than the system properties but the
choice is yours.
 
Mark
 
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
 

Re: How to set up Tomcat as a client (not a server) for mutual SSL

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Mark,

On 5/31/18 10:19 AM, Mark Thomas wrote:
> On 31/05/18 14:20, Jean Pierre Urkens wrote:
>> I've a web application deployed under Tomcat-8.5.30 that sends
>> web service (SOAP) requests (using Axis 1.4 framework) to another
>> web server.
>> 
>> The target server applies mutual SSL and the SSL handshake fails
>> on finding an appropriate client certificate as requested by the
>> server.
>> 
>> I can't seem to figure out how to tell Tomcat which client
>> certificate to use when requested to send its client certificate
>> during the handshake.
> 
> This isn't Tomcat configuration. Tomcat plays no part in the
> outgoing connection. You configure the connection for mutual TLS
> the same way you would if you were writing a standalone client.
> 
> Personally, I'd use the API rather than the system properties but
> the choice is yours.

+1

When configuring using system properties, you modify the behavior of
the entire JVM.

Unfortunately, while Java provides all of the tools you need, many
operations require a lot of needlessly verbose code.

I can reply later with some useful information, having just
standardized our TLS connection information across many different
kinds of API accesses with a single class that handles the configuration.

-chris



Re: How to set up Tomcat as a client (not a server) for mutual SSL

Posted by Mark Thomas <ma...@apache.org>.
On 31/05/18 14:20, Jean Pierre Urkens wrote:
> I've a web application deployed under Tomcat-8.5.30 that sends web service
> (SOAP) requests (using Axis 1.4 framework) to another web server.
> 
> The target server applies mutual SSL and the SSL handshake fails on finding
> an appropriate client certificate as requested by the server.
> 
> I can't seem to figure out how to tell Tomcat which client certificate to
> use when requested to send its client certificate during the handshake.

This isn't Tomcat configuration. Tomcat plays no part in the outgoing
connection. You configure the connection for mutual TLS the same way you
would if you were writing a standalone client.

Personally, I'd use the API rather than the system properties but the
choice is yours.

Mark
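
The API route mentioned in the replies above, as an added example (not code from any poster or from the Tomcat project): a standalone JSSE client that presents a client certificate through its own SSLContext instead of the JVM-wide javax.net.ssl.* system properties. The class name, the PKCS12 store type, the argument order and the environment variable names CLIENT_KS_PASS and TRUST_KS_PASS are assumptions for illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClient {   // hypothetical class name

    // Load a PKCS12 store (assumed format) from disk.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build an SSLContext that belongs to this client only. No system
    // properties are set, so other TLS users in the same JVM (for example
    // other web applications in the same Tomcat) keep their own settings.
    static SSLContext clientContext(String keyStorePath, char[] keyPass,
                                    String trustStorePath, char[] trustPass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Client certificate and private key; assumes key password == store password.
        kmf.init(load(keyStorePath, keyPass), keyPass);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // CA certificates used to validate the server's certificate.
        tmf.init(load(trustStorePath, trustPass));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args: <client.p12> <truststore.p12> <https URL>; passwords come from
        // the environment (assumed variable names) to keep them off the command line.
        char[] keyPass = System.getenv("CLIENT_KS_PASS").toCharArray();
        char[] trustPass = System.getenv("TRUST_KS_PASS").toCharArray();
        SSLContext ctx = clientContext(args[0], keyPass, args[1], trustPass);

        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // affects this connection only
        System.out.println("HTTP " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

If the handshake still fails to select a certificate, running the client with -Djavax.net.debug=ssl,handshake shows the issuers the server lists in its certificate request, which can be compared with the issuer of the certificate in the client keystore.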
