By Date:	<-- -->
By Thread:	<-- -->

HTTPS connector and clientAuth=want: how to retrieve client cert in servlet?

From: Shankar Unni <shankarunni (at) netscape.net>
Date: Mon, 31 Jul 2006 18:18:49 -0700

I'm using Tomcat 5.5.17's HTTPS connector, with clientAuth set to "want".

(Note: I don't want Tomcat to do the authentication itself - I simply want to pass the client cert to the servlet for its own use; I'm trying to set up an *optional* client-cert-based authentication setup that can fall back to an application-specific login sequence.)

When I turn on SSL debugging on the client (-Djavax.net.debug=ssl,handshake,data,trustmanager), I see the certificate being loaded from the client's keystore (and presumably passed to the server).

However, I'm stuck trying to retrieve the client certificate from the ServletRequest in the servlet itself.

Q: How do I get to the client's X.509 certificate?  Help!

Thx,
--
Shankar Unni.


---------------------------------------------------------------------
To start a new topic, e-mail: users (at) tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe (at) tomcat.apache.org
For additional commands, e-mail: users-help (at) tomcat.apache.org

Follow-Ups:
- HTTPS connector and clientAuth=want: how to retrieve client cert in servlet?
  - From: Shankar Unni <shankarunni (at) netscape.net>

Prev by Date: MaxClients - MaxThreads relationship
Next by Date: HTTP Status 404 - /jsp-examples/
Previous by thread: MaxClients - MaxThreads relationship
Next by thread: HTTPS connector and clientAuth=want: how to retrieve client cert in servlet?
Index(es):
- Main
- Thread