Solved

Client Authentication using SSL

Posted on 2002-03-19
7
345 Views
Last Modified: 2013-11-24
Hi,

I am using Tomcat 4.0.1 & I have configured Tomcat with a trial SSL Certificate. I configured Tomcat to accept Client Certificates in SSL Handshake. This is also working fine. Now if I need to validate this client certificate, how do I receive it at the Tomcat Server and validate the certificate. I want to know how a certificate can be retrieved by a Servlet on Tomcat incase of Client Authentication.

Please help me asap.

Thanks & Regards,

..Raj
0
Comment
Question by:raj2476
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 

Expert Comment

by:senya
ID: 6881156
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;


try {
 FileInputStream fis   = new FileInputStream(CRLfile);

 CertificateFactory cf = CertificateFactory.getInstance("X.509");

 X509CRL CRLList = (X509CRL)cf.generateCRL(fis);
 fis.close();
}
catch()...

....
try {

String cipherSuite = (String) request.getAttribute("javax.net.ssl.cipher_suite");
out.println("Cipher Suite: " + cipherSuite);

if (cipherSuite != null) {
   X509Certificate certChain[] =(X509Certificate[])
request.getAttribute("javax.net.ssl.peer_certificates");
   if (certChain != null) {
      for (int i = 0; i < certChain.length; i++) {
         out.println ("Client Cert [" + i + "] = " + certChain[i].toString());
      }

      // This could throw InvalidCert exceptions:
      certChain[0].checkValidity();
   
     if (CRLList != null && CRLList.isRevoked(certChain[0]))
        throw new Exception("Revoked SSL Certificate");
     }
}
   catch (CertificateExpiredException cee) {
     throw new Exception("Expired SSL Certificate");
  }
   catch (CertificateNotYetValidException cnyve) {
     throw new Exception("Invalid SSL Certificate");
  }
   catch (Exception e) {
    if (e.getMessage().equals("Revoked SSL Certificate") ||
        e.getMessage().equals("Non-SSL access disabled"))
       throw e;
    else
       throw new Exception("Invalid SSL Certificate");

# UPDATE TOMCAT--START
include H:/httpd/jakarta-tomcat-3.3/conf/auto/mod_jk.conf

# Should mod_jk send SSL information to Tomcat (default is On)
JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificated (default is
SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT

# UPDATE TOMCAT--END

0
 

Author Comment

by:raj2476
ID: 6881804
Senya,

Thanks a lot for that answer. But the problem is I am using Tomcat 4.0.1 in which you dont have any configuration files said by you. For ex: "H:/httpd/jakarta-tomcat-3.3/conf/auto/mod_jk.conf". I guess you need to modify only server.xml in Tomcat 4.0.1. SSL is working fine for me on this server. I have put your code & when I execute, I get all the values "Null". This is how the connector looks in server.xml

    <!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
   
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
            acceptCount="10" debug="0" scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="true" protocol="TLS"/>
    </Connector>

Do I need to do any more changees?? Please let me know asap becoz this is very urgent for me.

Regards,

..Raj
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6956680
Please click this link and update/finalize your open and locked questions.  If this LOCKED question does not serve your needs, please REJECT it.

http://www.experts-exchange.com/jsp/memberProfile.jsp?mbr=raj2476&showQHistory=true

Moondancer - EE Moderator
0
Containers & Docker to Create a Powerful Team

Containers are an incredibly powerful technology that can provide you and/or your engineering team with huge productivity gains. Using containers, you can deploy, back up, replicate, and move apps and their dependencies quickly and easily.

 

Author Comment

by:raj2476
ID: 6957334
This solution may work for Tomcat 3.x. But for 4.x it does not give any clue for me. I have replied the same, but no further answer from Senya. So the answer is not useful for me.
0
 

Author Comment

by:raj2476
ID: 6957336
It has been a long time since I asked the question. I worked out on my own & got the solution.
0
 
LVL 1

Accepted Solution

by:
Moondancer earned 0 total points
ID: 6957816
200 points have been refunded to you since, as you say, you found your own solution.  This question has been moved to our PAQ to close it.  Since you did find the solution, you would help others by adding it here.

Listening further.

Thanks,
Moondancer - EE Moderator
0
 

Expert Comment

by:pleasure
ID: 12037782
hi raj,
since u adi found the solution.. why not u post it here and share it qith all of us...
thanks..:-)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Java contains several comparison operators (e.g., <, <=, >, >=, ==, !=) that allow you to compare primitive values. However, these operators cannot be used to compare the contents of objects. Interface Comparable is used to allow objects of a cl…
Java had always been an easily readable and understandable language.  Some relatively recent changes in the language seem to be changing this pretty fast, and anyone that had not seen any Java code for the last 5 years will possibly have issues unde…
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question