Re: Client certificate chains with mod_jk

2009-11-20 Thread Bill Barker
"Christopher Schultz" wrote in message news:4b070643.1070...@christopherschultz.net... > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Rainer, > > On 11/20/2009 1:09 PM, Rainer Jung wrote: >> On 20.11.2009 17:20, Christopher Schultz wrote: >>> I'm having trouble getting a client certificat

Re: Client certificate chains with mod_jk

2009-11-20 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 11/20/2009 4:12 PM, Christopher Schultz wrote: > Rainer, > > On 11/20/2009 1:09 PM, Rainer Jung wrote: >> On 20.11.2009 17:20, Christopher Schultz wrote: >>> I'm having trouble getting a client certificate chain sent to Tomcat via >>> mod_

Re: Client certificate chains with mod_jk

2009-11-20 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 11/20/2009 1:09 PM, Rainer Jung wrote: > On 20.11.2009 17:20, Christopher Schultz wrote: >> I'm having trouble getting a client certificate chain sent to Tomcat via >> mod_jk. Apache httpd 2.2.9, mod_jk 1.2.28, Tomcat 5.5.27. > > Off by on

Re: Client certificate chains with mod_jk

2009-11-20 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 11/20/2009 1:51 PM, Rainer Jung wrote: > OpenSSL Code looks like only returning the chain provided by the client, > and the client should not provide the root. Ok. > At the moment I see no way of getting the root CA which verified the > c

Re: Client certificate chains with mod_jk

2009-11-20 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 11/20/2009 12:39 PM, Rainer Jung wrote: > On 20.11.2009 18:08, Christopher Schultz wrote: >> Rainer, >> >> On 11/20/2009 11:51 AM, Rainer Jung wrote: >>> On 20.11.2009 17:20, Christopher Schultz wrote: If you continue reading, you can

Re: Client certificate chains with mod_jk

2009-11-20 Thread Rainer Jung
Since certs are public anyhow (not keys), here's the decoding done by openssl x509 -in ... -text: On 20.11.2009 18:49, Rainer Jung wrote: > The following line from you mod_jk log really shows what is being > forwarded as an attribute to Tomcat. This is logged after retrieving the > data from Apac

Re: Client certificate chains with mod_jk

2009-11-20 Thread Rainer Jung
On 20.11.2009 18:44, Rainer Jung wrote: >> SSLEngine On >> SSLCertificateFile ... >> SSLCertificateKeyFile ... >> >> SSLOptions +ExportCertData >> JkOptions +ForwardSSLCertChain >> >> JkMount /cschultz-chadis/*.jsp worker21 >> JkLogLevel debug

Re: Client certificate chains with mod_jk

2009-11-20 Thread Rainer Jung
On 20.11.2009 17:20, Christopher Schultz wrote: > I'm having trouble getting a client certificate chain sent to Tomcat via > mod_jk. Apache httpd 2.2.9, mod_jk 1.2.28, Tomcat 5.5.27. Off by one? https://issues.apache.org/bugzilla/show_bug.cgi?id=39637 indicates you'll need 5.5.28 ... HTH! Rain

Re: Client certificate chains with mod_jk

2009-11-20 Thread Rainer Jung
The following line from your mod_jk log really shows what is being forwarded as an attribute to Tomcat. This is logged after retrieving the data from Apache but before sending it over the wire. At least we know we got the data from Apache and because it is three and not four certs it is likely that

Re: Client certificate chains with mod_jk

2009-11-20 Thread Rainer Jung
> SSLEngine On > SSLCertificateFile ... > SSLCertificateKeyFile ... > > SSLOptions +ExportCertData > JkOptions +ForwardSSLCertChain > > JkMount /cschultz-chadis/*.jsp worker21 > JkLogLevel debug > > # chain.crt contains all 3 certif

Re: Client certificate chains with mod_jk

2009-11-20 Thread Rainer Jung
On 20.11.2009 18:08, Christopher Schultz wrote: > Rainer, > > On 11/20/2009 11:51 AM, Rainer Jung wrote: >> On 20.11.2009 17:20, Christopher Schultz wrote: >>> If you continue reading, you can see that mod_jk sends at least part of >>> the first certificate. I seem to recall that mod_jk in debug m

Re: Client certificate chains with mod_jk

2009-11-20 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 11/20/2009 11:51 AM, Rainer Jung wrote: > On 20.11.2009 17:20, Christopher Schultz wrote: >> If you continue reading, you can see that mod_jk sends at least part of >> the first certificate. I seem to recall that mod_jk in debug mode only >

Re: Client certificate chains with mod_jk

2009-11-20 Thread Rainer Jung
On 20.11.2009 17:20, Christopher Schultz wrote: > If you continue reading, you can see that mod_jk sends at least part of > the first certificate. I seem to recall that mod_jk in debug mode only > logs part of the request, so it's possible that more information is > being sent than is being logged,

Client certificate chains with mod_jk

2009-11-20 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, I'm having trouble getting a client certificate chain sent to Tomcat via mod_jk. Apache httpd 2.2.9, mod_jk 1.2.28, Tomcat 5.5.27. My httpd configuration looks like this: SSLEngine On SSLCertificateFile ... SSLCertificat
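On the Tomcat side, once httpd exports the chain (SSLOptions +ExportCertData) and mod_jk forwards it (JkOptions +ForwardSSLCertChain), a webapp sees the chain as the Servlet-spec request attribute javax.servlet.request.X509Certificate. The filter below is an added example and is not code from this thread, from Tomcat or from mod_jk. It walks the forwarded array (certs[0] is the end-entity certificate), checks that each certificate is signed by the next one, and, because the client normally does not send the root CA (the point Rainer makes above), verifies the last forwarded certificate against a local truststore. The init-param names `truststore` and `truststorePassword` are assumptions made for this example, and the httpd vhost is assumed to also carry `SSLVerifyClient require` and a sufficient `SSLVerifyDepth`, otherwise there is no client certificate to forward.

```java
// ChainCheckFilter.java - added example (not from the mailing-list thread).
// Re-checks the client certificate chain that httpd/mod_jk forwarded to Tomcat
// and requires the last forwarded certificate to chain to a locally trusted root.
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

public class ChainCheckFilter implements Filter {
    // Servlet-spec attribute under which the container exposes the client chain.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    private final List<X509Certificate> trustedRoots = new ArrayList<X509Certificate>();

    public void init(FilterConfig cfg) throws ServletException {
        // "truststore" / "truststorePassword" are hypothetical init-params (assumption).
        String path = cfg.getInitParameter("truststore");
        String pw = cfg.getInitParameter("truststorePassword");
        try {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream in = new FileInputStream(path);
            try {
                ks.load(in, pw == null ? null : pw.toCharArray());
            } finally {
                in.close();
            }
            for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
                Certificate c = ks.getCertificate(e.nextElement());
                if (c instanceof X509Certificate) {
                    trustedRoots.add((X509Certificate) c);
                }
            }
        } catch (Exception ex) {
            throw new ServletException("cannot load truststore " + path, ex);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        if (certs == null || certs.length == 0) {
            // Nothing forwarded: either no client cert or the chain was not exported.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN,
                    "no client certificate forwarded");
            return;
        }
        try {
            verifyChain(certs);
        } catch (Exception ex) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN,
                    "client chain rejected: " + ex.getMessage());
            return;
        }
        chain.doFilter(req, res);
    }

    // certs[0] is the end-entity cert; each cert must be issued and signed by the next.
    // The client is not expected to send the root, so the final link is checked
    // against the truststore loaded in init().
    void verifyChain(X509Certificate[] certs) throws Exception {
        for (int i = 0; i < certs.length; i++) {
            certs[i].checkValidity();
            if (i + 1 < certs.length) {
                if (!certs[i].getIssuerX500Principal().equals(certs[i + 1].getSubjectX500Principal())) {
                    throw new Exception("issuer/subject mismatch at position " + i);
                }
                certs[i].verify(certs[i + 1].getPublicKey()); // throws on a bad signature
            }
        }
        X509Certificate top = certs[certs.length - 1];
        for (X509Certificate root : trustedRoots) {
            if (top.getIssuerX500Principal().equals(root.getSubjectX500Principal())) {
                root.checkValidity();
                top.verify(root.getPublicKey());
                return;
            }
        }
        throw new Exception("no trusted root for issuer " + top.getIssuerX500Principal());
    }

    public void destroy() {
    }
}
```

Map the filter in web.xml to the paths that require a client certificate (the JkMount pattern from the httpd config is a natural choice). httpd has already validated the chain against its own CA file, so this check is defense in depth; its practical value here is that it makes the forwarded array visible to the application and fails loudly if the container delivers fewer certificates than the client sent, which is exactly the kind of off-by-one the thread points at for Tomcat 5.5.27.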