On 23.10.2009 20:49, Christopher Schultz wrote:
> Rainer,
>
> On 10/23/2009 1:36 PM, Rainer Jung wrote:
>> Keep in mind the 8KB limit for the AJP header packet. Especially in case
>> you sometime switch to a longer certificate chain, then you might run
>> into it (and will be able to fix it with m
Rainer,
On 10/23/2009 1:36 PM, Rainer Jung wrote:
> Keep in mind the 8KB limit for the AJP header packet. Especially in case
> you sometime switch to a longer certificate chain, then you might run
> into it (and will be able to fix it with max_packet_
Thanks for the comprehensive instructions, very useful.
Keep in mind the 8KB limit for the AJP header packet. Especially in case
you sometime switch to a longer certificate chain, then you might run
into it (and will be able to fix it with max_packet_size).
Regards,
Rainer
On 23.10.2009 18:36,
All,
I'm following up because I was able to get the following working. In
case anyone else wants to get this all working, the information is all
in (roughly) one place.
1. Apache httpd terminates SSL
2. Apache httpd performs client certificate verifi
All,
On 10/22/2009 5:26 PM, Christopher Schultz wrote:
> ...did the trick. I now see an ASCII-formatted certificate dumped into
> my wtf.log file (yay!) and I get a ClassCastException in my JSP, which
> means that the request attribute is definitely n
Rainer,
On 10/22/2009 5:21 PM, Christopher Schultz wrote:
> I even tried adding:
>
> SSLOptions +StdEnvVars
Looks like I was close:
SSLOptions +ExportCertData
...did the trick. I now see an ASCII-formatted certificate dumped into
my wtf.log f
Rainer,
On 10/22/2009 3:22 PM, Rainer Jung wrote:
> Not sure, but here are some steps to close the gap:
>
> Apache itself should put the cert into a so-called environment variable
> named "SSL_CLIENT_CERT". You can log env vars in the access log by
>
On 22.10.2009 20:57, Christopher Schultz wrote:
> All,
>
> On 10/22/2009 11:50 AM, Christopher Schultz wrote:
>> SSLVerifyClient optional
>> SSLVerifyDepth 1
>> SSLCACertificateFile conf/my-client-cert-ca.crt
>
> Okay, I took the above steps and I can see that Apache httpd will
> properly reject
All,
On 10/22/2009 11:50 AM, Christopher Schultz wrote:
> SSLVerifyClient optional
> SSLVerifyDepth 1
> SSLCACertificateFile conf/my-client-cert-ca.crt
Okay, I took the above steps and I can see that Apache httpd will
properly reject clients when usi
All,
I've never used client SSL certificates, but they seem ideal for a
newly-requested feature for our software, and I'd like to run the idea
past you folks as a smoke test. I realize a lot of this is off-topic,
but the documentation for these things
10 matches