Author: rjung
Date: Mon Apr  9 09:05:13 2007
New Revision: 526800

URL: http://svn.apache.org/viewvc?view=rev&rev=526800
Log:
Port changes from apache reference document to apache webserver doc.
At the moment, there is no clear distinction as to which info we put
into which.

Modified:
    tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml

Modified: tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml?view=diff&rev=526800&r1=526799&r2=526800
==============================================================================
--- tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/webserver_howto/apache.xml Mon Apr  9 
09:05:13 2007
@@ -625,6 +625,25 @@
 </p>
 
 <p>
+JkOptions <b>ForwardSSLCertChain</b>,  you ask mod_jk, when using ajp13,
+to Forward SSL certificate chain (off by default).
+Mod_jk only passes the <code>SSL_CLIENT_CERT</code> to the AJP connector. This 
is not a
+problem with self-signed certificates or certificates directly signed by the
+root CA certificate. However, there's a large number of certificates signed by
+an intermediate CA certificate, where this is a significant problem: A servlet
+will not have the possibility to validate the client certificate on its own. 
The
+bug would be fixed by passing on the <code>SSL_CLIENT_CERT_CHAIN</code> to 
Tomcat via the AJP connector.
+<br/>
+This directive exists only since version 1.2.22.
+<source>
+  JkOptions     +ForwardSSLCertChain
+</source>
+
+<br/>
+<br/>
+</p>
+
+<p>
 The directive <b>JkEnvVar</b> allows you to forward environment variables from 
Apache server to Tomcat engine.
 The variables can be retrieved on the Tomcat side as request attributes.
 You can add a default value as a second parameter to the directive.
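
Review bot: The sentence "The bug would be fixed by passing on the SSL_CLIENT_CERT_CHAIN to Tomcat via the AJP connector" in the added ForwardSSLCertChain paragraph reads like bug-report text, not documentation of the option. It never states that setting +ForwardSSLCertChain is what makes mod_jk forward the chain, and "Mod_jk only passes the SSL_CLIENT_CERT" is written unconditionally although the paragraph says the option is off by default, so it describes only the default behaviour. Suggest rewording so that the paragraph says: without the option only SSL_CLIENT_CERT is forwarded, with it SSL_CLIENT_CERT_CHAIN is forwarded as well. Since the stated purpose is to let a servlet validate a client certificate issued by an intermediate CA, the paragraph should also say how the servlet retrieves the forwarded chain on the Tomcat side. Minor: "to Forward" should be lower case, there is a double space after the comma in the first added line, and the two trailing <br/> before </p> look like spacing-only markup.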


