raj2476
asked on
Client Authentication using SSL
Hi,
I am using Tomcat 4.0.1 and I have configured Tomcat with a trial SSL certificate. I configured Tomcat to accept client certificates in the SSL handshake. This is also working fine. Now, if I need to validate this client certificate, how do I receive it at the Tomcat server and validate the certificate? I want to know how a certificate can be retrieved by a servlet on Tomcat in case of client authentication.
Please help me asap.
Thanks & Regards,
..Raj
ASKER
Senya,
Thanks a lot for that answer. But the problem is I am using Tomcat 4.0.1, which doesn't have any of the configuration files you mentioned, for example "H:/httpd/jakarta-tomcat-3.3/conf/auto/mod_jk.conf". I guess you need to modify only server.xml in Tomcat 4.0.1. SSL is working fine for me on this server. I have put in your code, and when I execute it, I get all the values "Null". This is how the connector looks in server.xml:
<!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="true" protocol="TLS"/>
</Connector>
Do I need to do any more changes? Please let me know asap because this is very urgent for me.
Regards,
..Raj
Please click this link and update/finalize your open and locked questions. If this LOCKED question does not serve your needs, please REJECT it.
https://www.experts-exchange.com/jsp/memberProfile.jsp?mbr=raj2476&showQHistory=true
Moondancer - EE Moderator
ASKER
This solution may work for Tomcat 3.x, but for 4.x it does not give me any clue. I have replied the same, but got no further answer from Senya. So the answer is not useful for me.
ASKER
It has been a long time since I asked the question. I worked it out on my own and got the solution.
ASKER CERTIFIED SOLUTION
Hi Raj,
Since you already found the solution, why not post it here and share it with all of us?
Thanks :-)
import java.io.FileInputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ClientCertServlet extends HttpServlet {
    // CRL used to check the presented client certificate (path is a placeholder)
    private static final String CRLfile = "/path/to/ca.crl";
    private X509CRL CRLList;

    // Load the CRL once, when the servlet starts
    public void init() throws ServletException {
        try {
            FileInputStream fis = new FileInputStream(CRLfile);
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            CRLList = (X509CRL) cf.generateCRL(fis);
            fis.close();
        } catch (Exception e) {
            throw new ServletException("Cannot load CRL " + CRLfile, e);
        }
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        PrintWriter out = response.getWriter();
        try {
            // Servlet 2.3 request attributes set by the SSL connector
            String cipherSuite = (String) request.getAttribute("javax.servlet.request.cipher_suite");
            out.println("Cipher Suite: " + cipherSuite);
            if (cipherSuite != null) {
                // certChain[0] is the client's own certificate, followed by its issuers
                X509Certificate certChain[] = (X509Certificate[])
                    request.getAttribute("javax.servlet.request.X509Certificate");
                if (certChain != null) {
                    for (int i = 0; i < certChain.length; i++) {
                        out.println("Client Cert [" + i + "] = " + certChain[i].toString());
                    }
                    // This could throw CertificateExpired/NotYetValid exceptions:
                    certChain[0].checkValidity();
                    if (CRLList != null && CRLList.isRevoked(certChain[0]))
                        throw new Exception("Revoked SSL Certificate");
                }
            }
        } catch (CertificateExpiredException e) {
            throw new ServletException("Expired SSL Certificate");
        } catch (CertificateNotYetValidException e) {
            throw new ServletException("Invalid SSL Certificate");
        } catch (Exception e) {
            // The original also re-threw a second message beginning "Non",
            // which is truncated on the page; only the revoked case is kept here.
            if ("Revoked SSL Certificate".equals(e.getMessage()))
                throw new ServletException(e.getMessage());
            else
                throw new ServletException("Invalid SSL Certificate");
        }
    }
}
# UPDATE TOMCAT--START
include H:/httpd/jakarta-tomcat-3.
# Should mod_jk send SSL information to Tomcat (default is On)
JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificate (default is SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT
# UPDATE TOMCAT--END
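The snippet above only checks the validity dates of the client's certificate and looks it up in one CRL; it never verifies that the chain actually signs up to a CA you trust. Tomcat does that during the handshake when clientAuth="true", but if the application is going to make authorization decisions on the subject DN it is worth re-validating the chain in code. The following servlet is an added example (not from this thread, not Senya's or Raj's code) that uses the Java 1.4+ CertPath API to validate the chain delivered in javax.servlet.request.X509Certificate against a truststore, with CRL-based revocation, and only then returns the subject DN. The truststore and CRL paths, the password and the class name are placeholders.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CertPathCheckServlet extends HttpServlet {
    // Placeholder paths: the CA truststore Tomcat trusts for client auth, and that CA's CRL.
    private static final String TRUSTSTORE = "/path/to/cacerts.jks";
    private static final String TRUSTSTORE_PASS = "changeit";
    private static final String CRL_FILE = "/path/to/ca.crl";

    private KeyStore trustStore;
    private X509CRL crl;

    // Load the trust anchors and the CRL once at startup
    public void init() throws ServletException {
        try {
            trustStore = KeyStore.getInstance("JKS");
            FileInputStream ts = new FileInputStream(TRUSTSTORE);
            trustStore.load(ts, TRUSTSTORE_PASS.toCharArray());
            ts.close();
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            FileInputStream cs = new FileInputStream(CRL_FILE);
            crl = (X509CRL) cf.generateCRL(cs);
            cs.close();
        } catch (Exception e) {
            throw new ServletException("Cannot load truststore or CRL", e);
        }
    }

    // Validates signatures, validity dates and revocation for the whole chain
    // (chain[0] is the client certificate) and returns its subject DN.
    String validateClient(X509Certificate[] chain) throws Exception {
        if (chain == null || chain.length == 0) {
            throw new Exception("No client certificate presented");
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        CertPath path = cf.generateCertPath(Arrays.asList(chain));
        // Every trusted certificate entry in the truststore becomes a trust anchor
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(true);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singletonList(crl))));
        // Throws CertPathValidatorException on a bad signature, expiry or revocation
        CertPathValidator.getInstance("PKIX").validate(path, params);
        return chain[0].getSubjectDN().getName();
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        X509Certificate[] chain = (X509Certificate[])
            request.getAttribute("javax.servlet.request.X509Certificate");
        try {
            String subject = validateClient(chain);
            response.getWriter().println("Authenticated client: " + subject);
        } catch (Exception e) {
            // Do not echo the reason to the client; log it server-side instead
            log("Client certificate rejected: " + e.getMessage());
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate rejected");
        }
    }
}
```

The chain is validated exactly as the connector handed it over, so the truststore must contain the issuing CA (or the root it chains to) as a trusted certificate entry; with revocation enabled and no usable CRL for an issuer in the chain, PKIX validation fails closed rather than silently accepting the certificate.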