Solved

Client Authentication using SSL

Posted on 2002-03-19
Last Modified: 2013-11-24
Hi,

I am using Tomcat 4.0.1 & I have configured Tomcat with a trial SSL Certificate. I configured Tomcat to accept Client Certificates in the SSL Handshake. This is also working fine. Now if I need to validate this client certificate, how do I receive it at the Tomcat Server and validate the certificate? I want to know how a certificate can be retrieved by a Servlet on Tomcat in case of Client Authentication.

Please help me asap.

Thanks & Regards,

..Raj
Question by:raj2476
7 Comments
 

Expert Comment

by:senya
ID: 6881156
import java.io.FileInputStream;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;

// Declared outside the try block so the revocation check below can see it.
X509CRL CRLList = null;
try {
   FileInputStream fis = new FileInputStream(CRLfile);

   CertificateFactory cf = CertificateFactory.getInstance("X.509");

   CRLList = (X509CRL) cf.generateCRL(fis);
   fis.close();
}
catch (Exception e) {
   // ... (CRLList stays null if the CRL file cannot be read or parsed)
}

....

// Inside the servlet's request handler:
try {
   String cipherSuite = (String) request.getAttribute("javax.net.ssl.cipher_suite");
   out.println("Cipher Suite: " + cipherSuite);

   if (cipherSuite != null) {
      X509Certificate certChain[] = (X509Certificate[])
         request.getAttribute("javax.net.ssl.peer_certificates");
      if (certChain != null) {
         for (int i = 0; i < certChain.length; i++) {
            out.println("Client Cert [" + i + "] = " + certChain[i].toString());
         }

         // Throws CertificateExpiredException or CertificateNotYetValidException:
         certChain[0].checkValidity();

         // The revocation check only runs when a CRL was loaded above.
         if (CRLList != null && CRLList.isRevoked(certChain[0]))
            throw new Exception("Revoked SSL Certificate");
      }
   }
}
catch (CertificateExpiredException cee) {
   throw new Exception("Expired SSL Certificate");
}
catch (CertificateNotYetValidException cnyve) {
   throw new Exception("Invalid SSL Certificate");
}
catch (Exception e) {
   // Constant-first equals() avoids a NullPointerException when the message is null.
   if ("Revoked SSL Certificate".equals(e.getMessage()) ||
       "Non-SSL access disabled".equals(e.getMessage()))
      throw e;
   else
      throw new Exception("Invalid SSL Certificate");
}

# UPDATE TOMCAT--START
include H:/httpd/jakarta-tomcat-3.3/conf/auto/mod_jk.conf

# Should mod_jk send SSL information to Tomcat (default is On)
JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suite (default is SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificate (default is SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT

# UPDATE TOMCAT--END

0
 

Author Comment

by:raj2476
ID: 6881804
Senya,

Thanks a lot for that answer. But the problem is I am using Tomcat 4.0.1, in which you don't have any of the configuration files you mentioned. For example: "H:/httpd/jakarta-tomcat-3.3/conf/auto/mod_jk.conf". I guess you need to modify only server.xml in Tomcat 4.0.1. SSL is working fine for me on this server. I have put in your code & when I execute it, I get all the values as "Null". This is how the connector looks in server.xml:

    <!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
   
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
               acceptCount="10" debug="0" scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="true" protocol="TLS"/>
    </Connector>

Do I need to make any more changes? Please let me know asap because this is very urgent for me.

Regards,

..Raj
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6956680
Please click this link and update/finalize your open and locked questions.  If this LOCKED question does not serve your needs, please REJECT it.

http://www.experts-exchange.com/jsp/memberProfile.jsp?mbr=raj2476&showQHistory=true

Moondancer - EE Moderator
0
 

Author Comment

by:raj2476
ID: 6957334
This solution may work for Tomcat 3.x. But for 4.x it does not give any clue for me. I have replied the same, but no further answer from Senya. So the answer is not useful for me.
0
 

Author Comment

by:raj2476
ID: 6957336
It has been a long time since I asked the question. I worked out on my own & got the solution.
0
 
LVL 1

Accepted Solution

by:
Moondancer earned 0 total points
ID: 6957816
200 points have been refunded to you since, as you say, you found your own solution.  This question has been moved to our PAQ to close it.  Since you did find the solution, you would help others by adding it here.

Listening further.

Thanks,
Moondancer - EE Moderator
0
 

Expert Comment

by:pleasure
ID: 12037782
Hi raj,
since you already found the solution, why not post it here and share it with all of us?
Thanks :-)
0
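
Added example, not part of the thread and not the asker's unposted solution: a servlet-side check that reads the client chain from the attribute name the Servlet specification defines, `javax.servlet.request.X509Certificate`, rather than the `javax.net.ssl.*` names in the answer above, and treats a missing, foreign, unsigned or stale CRL as a failure instead of skipping the revocation check. The class name, the `loadCrl` path argument and the `caCert` parameter are assumptions of this example, as is the connector populating that attribute on Tomcat 4.0.1.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.servlet.http.HttpServletRequest; // jakarta.servlet.http on current containers

public final class ClientCertCheck { // hypothetical helper class
    // Attribute name defined by the Servlet specification for the client chain.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    /** Load a CRL file; the path is supplied by the application (assumption). */
    static X509CRL loadCrl(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(in);
        }
    }

    /** Returns the client's own certificate, or throws if any check fails. */
    static X509Certificate requireClientCert(HttpServletRequest request,
            X509CRL crl, X509Certificate caCert) throws GeneralSecurityException {
        if (!request.isSecure())
            throw new CertificateException("Non-SSL access disabled");
        X509Certificate[] chain = (X509Certificate[]) request.getAttribute(CERT_ATTR);
        if (chain == null || chain.length == 0)
            throw new CertificateException("No client certificate presented");
        X509Certificate leaf = chain[0];   // first entry is the client's certificate
        leaf.checkValidity();              // expired or not yet valid -> exception

        // Fail closed: an absent, foreign, forged or stale CRL is an error,
        // not a reason to skip the revocation check.
        if (crl == null)
            throw new CertificateException("No CRL loaded");
        if (!crl.getIssuerX500Principal().equals(leaf.getIssuerX500Principal()))
            throw new CertificateException("CRL is not from the certificate's issuer");
        crl.verify(caCert.getPublicKey()); // CRL signature must verify under the CA key
        Date nextUpdate = crl.getNextUpdate();
        if (nextUpdate != null && nextUpdate.before(new Date()))
            throw new CertificateException("CRL is out of date");
        if (crl.isRevoked(leaf))
            throw new CertificateException("Revoked SSL Certificate");
        return leaf;
    }
}
```

A servlet would call `requireClientCert(request, crl, caCert)` at the top of `doGet` and map any exception to a 403 response; `caCert` should come from the server's own trust store, not from the chain the client sent.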
