You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Joao Cerdeira <jo...@multicert.com> on 2002/12/13 12:31:24 UTC

Problem Obteining the certicate Chain with Apache+mod_jk+tomcat

  HI,

I Have:
 
Apache 1.3.27-10
mod_ssl 2.8.7-4
modutils 2.4.14-3
mod_jk 1.3-1.0-1.4.0.2
tomcat 4.0.3

 *   This is my JK mounk config:
*
        JkEnvVar SSL_CLIENT_CERT SSL_CLIENT_CERT
        JkMount /dgt/* ajp13

         JkEnvVar SSL_CLIENT_CERT_CHAIN_0 SSL_CLIENT_CERT_CHAIN_0

        <Location /servlets>
         SSLRequire true
         SSLOptions +StdEnvVars +ExportCertData
         SSLVerifyClient require
         SSLVerifyDepth 10
       </Location>

*
And this what i'm trying ti do:*

X509Certificate[] certs =
                (X509Certificate[]) 
request.getAttribute("javax.servlet.request.X509Certificate");

*And the problem
*
i'm trying to do a https client side connection.

the certs array just have 1 certificate
but my certificate chain installed in the browser have 3 certificates.


To debug the problem i make a cgi to print vars, but in the result are:

........................

SSL_CLIENT_A_SIG="sha1WithRSAEncryption"
SSL_CLIENT_CERT="-----BEGIN CERTIFICATE-----\nMIIF5jCCB ............................
SSL_CLIENT_CERT_CHAIN_0="-----BEGIN CERTIFICATE-----\nMIID7TCCA1ag ..............................

OK i discovered another problem my apache only give me 2 of the 3 
certificates.
Apache don't give me the root certificate of my chain.


*My question:*

What i must do, to obtein all the certificates ????

thanks for reading my question
answer if you know  please


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>