Obtaining client certificate in servlet using apache + tomcat

Hi,

I'm porting a web application from Javawebserver to Apache/1.3.6 (Win32) mod_jk mod_ssl/2.2.6 OpenSSL/0.9.2b

The application needs to get the client certificate hash code.

Using Javawebserver I used

request.getAttribute ("javax.net.ssl.cipher_suite");

request.getAttribute("javax.net.ssl.peer_certificates");

etc

How do I set up the apache webserver so that I can read the client certificate and what is the attribute called?

I've tried this in the httpd.conf:

SSLOptions +ExportCertData

And the attribute:

"SSL_CLIENT_CERT"

Like it says in the Tomcat documentation.

I'm not sure if I need to set up Tomcat as well..

Any help would be greatly appreciated!

Sincerely,

AM Hjemaas

[795 byte] By [annehj] at [2007-9-26 4:03:45]
# 1
request.getAttribute("javax.security.cert.X509Certificate");

hope this helps...

glow195@yahoo
glow007 at 2007-6-29 13:01:32 > top of Java-index,Security,Java Secure Socket Extension (JSSE)...
# 2

Hi,

Thank you for your answer.

I have tried this as well, but it returns null.

The problem seems to be that the servlet doesn't get the certificate information at all. I believe I've configured Apache so that it should export the client certificate.

getAuthType() also returns null.

I get a "Handshake Interrupted by system" in apache's error.log. That might be a reason...but the documentation is not helping...

-anne

annehj at 2007-6-29 13:01:32
# 3

> The problem seems to be ...

To make sure:

- use -Djavax.net.debug=all

- see what is passed, using something like

Enumeration attributeNames = req.getAttributeNames();
while (attributeNames.hasMoreElements())
    System.out.println(attributeNames.nextElement().toString());

Good luck,

a.

avbentem at 2007-6-29 13:01:32
# 4

Thank you for your answer.

I get an empty enumeration, so it must be something wrong with my configuration or a bug somewhere...

Did anybody get this to work? If so, is it possible for me to get a copy of the compiled version (apache with ssl) for Windows NT/2000?

-anne, getting tired and desperate

annehj at 2007-6-29 13:01:32
# 5
Problem solved: Use Ajp13ConnectionHandler not Ajp12ConnectionHandler and recompile mod_jk.dll with EAPI option. Thanks to the www.alltheweb.com team!
annehj at 2007-6-29 13:01:32
# 6

Yup use ajp13 not ajp12 or mod_webapp

refer to http://www.galatea.com/flashguides/apache-tomcat-24-win32.xml on setting up..

THIS IS IMPORTANT!!!

use Apache mod_jk.dll directive:

JkEnvVar *Apache_Env_Var* *FORWARD_ALIAS*

this will send an Apache environment variable (http://myapache/cgi-bin/printenv.pl to see what's available) to Tomcat

JkEnvVar SSL_CLIENT_CERT SSL_CLIENT_CERT

Then in Tomcat servlet use request.getAttribute("SSL_CLIENT_CERT") to get the cert in PEM format

Hope this helps

Jay

jaygarala at 2007-6-29 13:01:32
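
Added example, not part of the thread or of any poster's code: one way to turn the PEM text that arrives as the SSL_CLIENT_CERT request attribute into an X509Certificate and compute the certificate hash the original question asks for. The class name ClientCertFingerprint and the choice of SHA-256 are assumptions; in a servlet, pass request.getAttribute("SSL_CLIENT_CERT") to parse().

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Hypothetical helper class (assumption, not from the thread).
public class ClientCertFingerprint {

    /**
     * Parses the PEM text forwarded by Apache as SSL_CLIENT_CERT.
     * Returns null when the attribute is absent or empty, which is what the
     * servlet sees when no certificate was forwarded to Tomcat.
     * Throws CertificateException when the value is not a valid certificate.
     */
    static X509Certificate parse(Object attr) throws Exception {
        if (!(attr instanceof String) || ((String) attr).trim().isEmpty()) {
            return null;
        }
        byte[] pem = ((String) attr).trim().getBytes(StandardCharsets.US_ASCII);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(pem));
    }

    /** SHA-256 over the DER encoding of the certificate, as lowercase hex. */
    static String sha256Hex(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Stand-alone check outside the servlet: java ClientCertFingerprint client.pem
    public static void main(String[] args) throws Exception {
        String pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
        X509Certificate cert = parse(pem);
        if (cert == null) {
            System.err.println("no certificate in input");
            return;
        }
        System.out.println(cert.getSubjectX500Principal().getName());
        System.out.println(sha256Hex(cert));
    }
}
```

Treat a null result as "no client certificate" and refuse the request rather than falling back to another identity source. The attribute is only as trustworthy as the path it arrived on, so the AJP port should be reachable from the Apache host only.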