Tomcat 5.5.17 APR/SSL Client Certificat
- From: alym <jmfesneau (at) meeschaert.net>
- Date: Mon, 19 Jun 2006 02:17:54 -0700 (PDT)
Hi,
I cannot obtain the client certificate with SSL/client certificate
authentication using APR components.
My configuration:
Tomcat 5.5.17,
jdk1_5.0_06,
Apr-1.2.7,
Openssl-0.9.8,
tomcat-native-1.1.3 under solaris 8
I configured Tomcat to use SSL client-certificate authentication and I need
to access the client certificate.
When I set SSLVerifyClient="none" the authentication works correctly, but
when I set SSLVerifyClient="require" the authentication asks for the client
certificate and after that it "freezes". I think that it can't get the client
certificate, because when I shut down Tomcat, the log contains this line,
"ssl3_check_client_hello", and no lines after it.
My Tomcat installation was done according to the guide
http://tomcat.apache.org/tomcat-5.5-doc/apr.html
and the BUILDING in APR-1.2.7.
This is the SSL HTTP connector extract from my server.xml:
<Connector
protocole="org.apache.coyote.http11.Http11AprProtocol"
port="443"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
disableUploadTimeout="true"
acceptCount="100"
scheme="https"
secure="true"
SSLEngine="on"
SLProtocole="all"
SSLCipherSuite="ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
SSLCertificateFile="${catalina_base}/srv.crt"
SSLCertificateKeyFile="${catalina_base}/srv.key"
SSLPassword="xxxxx"
SSLCACertificatePath="${catalina_base}"
SSLCACertificateFile="${catalina_base}/ca.crt"
SSLVerifyClient="require"
SSLVerifyDepth="1"
/>
I don't know what is missing for it to work correctly.
Thanks
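An added example, not part of the original post and not Tomcat's own code: a small linter that parses a Connector element like the one above, reports attribute names missing from an allow-list (with the closest known spelling), and lists weak cipher classes that SSLCipherSuite names without a '!' exclusion. The allow-list is an assumption assembled from the Tomcat 5.5 HTTP connector and APR documentation and is not exhaustive; the sample input is a shortened copy of the posted connector.

```python
import difflib
import xml.etree.ElementTree as ET

# Assumption: allow-list taken from the Tomcat 5.5 HTTP connector and APR
# documentation; it is not exhaustive.
KNOWN = {
    "protocol", "port", "maxHttpHeaderSize", "maxThreads", "minSpareThreads",
    "maxSpareThreads", "enableLookups", "disableUploadTimeout", "acceptCount",
    "scheme", "secure", "SSLEngine", "SSLProtocol", "SSLCipherSuite",
    "SSLCertificateFile", "SSLCertificateKeyFile", "SSLCertificateChainFile",
    "SSLPassword", "SSLCACertificatePath", "SSLCACertificateFile",
    "SSLCARevocationPath", "SSLCARevocationFile", "SSLVerifyClient",
    "SSLVerifyDepth",
}
# OpenSSL cipher-string classes covering export-grade, low-strength, SSLv2,
# unencrypted and unauthenticated suites.
WEAK = {"EXP", "EXPORT", "EXPORT40", "EXPORT56", "LOW", "SSLv2",
        "eNULL", "NULL", "aNULL", "ADH"}

# Sample input: shortened copy of the connector from the post above.
SAMPLE = '''<Connector
  protocole="org.apache.coyote.http11.Http11AprProtocol"
  port="443" scheme="https" secure="true" SSLEngine="on"
  SLProtocole="all"
  SSLCipherSuite="ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
  SSLCACertificateFile="${catalina_base}/ca.crt"
  SSLVerifyClient="require" SSLVerifyDepth="1" />'''


def lint_connector(xml_text):
    """Return (unknown_attrs, weak_classes) for one <Connector> element."""
    elem = ET.fromstring(xml_text)
    unknown = {}
    for name in elem.attrib:
        if name not in KNOWN:
            # Map each unrecognised name to its closest known spelling, if any.
            close = difflib.get_close_matches(name, KNOWN, n=1, cutoff=0.6)
            unknown[name] = close[0] if close else None
    tokens = elem.attrib.get("SSLCipherSuite", "").split(":")
    # Only '!' removes a class for good; '+' just moves suites to the end.
    excluded = {t[1:] for t in tokens if t.startswith("!")}
    named = {t.lstrip("+") for t in tokens if not t.startswith(("!", "-"))}
    # Heuristic: weak classes that are named and never '!'-excluded.
    return unknown, sorted((named & WEAK) - excluded)


if __name__ == "__main__":
    print(lint_connector(SAMPLE))
```

The cipher check is a heuristic on the string itself; `openssl ciphers -v '<string>'` shows the suites the local OpenSSL build actually resolves it to.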