Tomcat and client certificates
- From: David Delbecq <delbd (at) oma.be>
- Date: Fri, 03 Feb 2006 10:19:31 +0100
Markus wrote:
>Ok, when I set clientAuth to "want" the "Exception getting SSL Cert"
>goes away. (Wtf is this documented?).
>
Yes it is documented:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
Section 'Edit the Tomcat Configuration File'
> But I still get the 403 - Access
>denied error.
>
>
This means the client didn't send a certificate or the certificate was not recognized.
>Here is how I added the users certificate to my realm:
>
>web.xml:
>
> <security-constraint>
> <web-resource-collection>
> <url-pattern>/html/*</url-pattern>
> <http-method>POST</http-method>
> <http-method>GET</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>myrole</role-name>
> </auth-constraint>
> <user-data-constraint/>
> </security-constraint>
>
> <login-config>
> <auth-method>CLIENT-CERT</auth-method>
> </login-config>
>
> <security-role>
> <role-name>myrole</role-name>
> </security-role>
>
>tomcat-users.xml:
>
><tomcat-users>
> <role rolename="myrole"/>
> <user username="EMAILADDRESS=mark... , CN=markus...., OU=..., O=...
>, L=...., ST=... C=..." password="" roles="myrole"/>
></tomcat-users>
>
>As username I used exactly the cert.getSubjectDN().getName() String
>from the client certificate.
>
>
>Is this ok?
>
>
Did you escape the quote character of subject line using &quot; ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe (at) tomcat.apache.org
For additional commands, e-mail: users-help (at) tomcat.apache.org
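
Added example, not part of the original message or of Tomcat's own code: a Python check that a `<user>` entry for tomcat-users.xml, once parsed as XML, yields exactly the certificate's subject DN string. The sample DN is constructed, and the check assumes the realm compares the parsed `username` attribute with the `cert.getSubjectDN().getName()` string exactly.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample DN (not from the original post). It contains a quoted
# value, standing in for what cert.getSubjectDN().getName() would return.
SAMPLE_DN = 'EMAILADDRESS=user@example.org, CN="Doe, Jane", OU=Dev, O=Example, C=DE'


def user_entry(subject_dn, role):
    """Build a <user> element with the DN escaped for a double-quoted attribute."""
    quot = {'"': "&quot;"}  # escape() already handles &, < and >
    return '<user username="%s" password="" roles="%s"/>' % (
        escape(subject_dn, quot), escape(role, quot))


def naive_entry(subject_dn, role):
    """What pasting the raw DN between the quotes produces (no escaping)."""
    return '<user username="%s" password="" roles="%s"/>' % (subject_dn, role)


def parsed_username(user_xml):
    """Return the username an XML parser sees, or None if the XML is malformed."""
    doc = '<tomcat-users><role rolename="myrole"/>%s</tomcat-users>' % user_xml
    try:
        return ET.fromstring(doc).find("user").get("username")
    except ET.ParseError:
        return None


def check(subject_dn, user_xml):
    """True only when the parsed username equals the certificate DN exactly."""
    return parsed_username(user_xml) == subject_dn


if __name__ == "__main__":
    good = user_entry(SAMPLE_DN, "myrole")
    print(good)
    print("escaped entry matches DN:", check(SAMPLE_DN, good))
    print("raw paste matches DN:", check(SAMPLE_DN, naive_entry(SAMPLE_DN, "myrole")))
    # A line break inside the attribute value is normalised to a space on parsing,
    # so a wrapped entry no longer equals the DN either.
    wrapped = good.replace(", OU=", "\n, OU=")
    print("wrapped entry parses as:", parsed_username(wrapped))
```
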