Tutorial on using client cert with Tomcat 5

Hello,
I'm looking for a tutorial on using client-cert method with tomcat 5.0.28 with jsp pages.
I want to generate my own certs and keys.
Is there anything like this on the web ?
Thanks

Maybe you could try searching the Tomcat mail archives or post your question to one of their mailing lists.
http://jakarta.apache.org/site/mail.html

Similar Messages

  • How to use CLIENT-CERT authentication?

    Hi,
    I would like to know how to use client authentication.
    I used a web application with CLIENT-CERT authentication.
    And I accessed to the application from browser, then I had the following error
    message:
    Incorrect or missing client certificate.
    I used OpenSSL to generate keys.
    Could you tell me the information of the setting?
    Especially, I don't know the entry of CertAuthenticator.
    Could you tell me?
    Regards,
    Kuniaki Hagiwara - HP Japan

    Thank you for your response.
    Yes we have added the client certificate file (.pfx) in the Firefox browser Certificate manager / Store. It's also showing the certificate in the View Certificate window. We could not resolve it yet.

  • Configure Client-cert with ACL in iPlanet

    I need to configure iPlanet with "client-cert" configuration.
    - It works with this setting (in the console) : [Preference] --> [Encryption Preferences] --> "Require client certificates (regardless of access control):" set to "Yes".
    - I have a problem with this setting because all the instance is affected and clients without a certificate can not use other applications under this instance (they receive an "Acces Denied page").
    - It seems I can specify this setting to a specific URL via an ACL but it does not work.
    - Could you confirm I can do that ? If yes, could you precise the configuration of the ACL ?
    I am using iPlanet 4.1 under Solaris 2.8. For information I am using a websphere 4 server with iPlanet. My J2EE application is CLIENT-CERT; that's why I need this setting.
    Thanks !

    Hi Roman,
    I'm afraid it's the expected behavior. You cannot use an ACL with object-groups inside a class-map.
    Regards
    Daniel

  • Using Java Logging with Tomcat

    Hi, in a previous non-Tomcat project I wrote some classes that used the java.util.logging library that comes with Java 1.4 quite successfully. I am now trying to use the same classes with Tomcat 5.0 but it doesn't like it. With the logging classes you can provide a configuration class which you define with a property "java.util.logging.config.class". I put the class in my WEB_INF\classes with all the other classes.
    When I run with Tomcat I have a servlet that does the following to try and initialise the logging:
    com.appserver.util.logging.LogProperties.setLevelFromParametersFromPrefs();
    System.getProperties().setProperty("java.util.logging.config.class", "com.appserver.util.logging.LogProperties");
    LogManager.getLogManager().readConfiguration();
    It complains it can't find the class when running readConfiguration() (the first two lines run OK). I think the problem is to do with the Tomcat classloader: with a simple Java application the classes would be expected to be on the system classpath, but on Tomcat the system classpath only contains bootstrap.jar.
    I realise I could probably get things working using Apache's log4j instead, but it seems a bit silly to use that when there is a perfectly adequate logger built into the language now.
    Anyone done this ?

    OK
    I've changed my code from
    com.appserver.util.logging.LogProperties.setLevelFromParametersFromPrefs();
    System.getProperties().setProperty("java.util.logging.config.class", "com.appserver.util.logging.LogProperties");
    LogManager.getLogManager().readConfiguration();
    to
    com.appserver.util.logging.LogProperties.setLevelFromParametersFromPrefs();
    LogManager.getLogManager().readConfiguration(com.appserver.util.logging.LogProperties.getPropertiesAsStream());
    Now I don't get any errors and only messages for the LEVEL is set to the value I specify in my LogProperties class are displayed. However, I also specify a Formatter to use for console output but Tomcat just seems to ignore it and uses its own default formatter. Any ideas... please!

  • Authenticating to weblogic web service using a client cert with webserver

    I am trying to think of how to authenticate a client to a weblogic web service
    using a client certificate. The wrinkle is that a Web Server (iis or whatever)
    will be handling the ssl part and forwarding non-secure to weblogic. The cert
    will still be accessible in the request using: HttpServletRequest req.getAttribute("javax.net.ssl.peer_certificates").
    At this point it is not clear to me what I can do. When does CertAuthenticator
    get called? Can I even use it? Will I have to write my own version of the weblogic.soap.server.servlet.StatelessBeanAdapter
    class?
    Any help will be appreciated, even explaining why it can't be done.
    Thanks,
    Scott


  • Unable to make use of JSTL with Tomcat 4.1

    I have downloaded jakarta taglibs 1.1.2 from Jakarta site .Copied the
    Jstl.jar under lib directory which I kept under WEB-INF of my specific
    web directory but tomcat is unable to identify the tag like forEach, set etc.
    Same thing happened with Java Application Server.
    The code is like this
    Even I tried with prefix c and http://java.sun.com/jstl/core uri
    <%@ taglib prefix="c_rt" uri="http://java.sun.com/jstl/core_rt" %>
    <html>
    <head>
    <title>Simple Example</title>
    </head>
    <body>
    <c_rt:set var="browser" value="${header['User-Agent']}"/>
    <c_rt:out value="${browser}"/>
    </body>
    </html>
    regards
    Diptish
    India

    In regards to the problem being observed on "Java Application Server", you may consider consulting the Sun Java System Application Server forums:
    http://forum.sun.com/jive/category.jspa?categoryID=7

  • Using Dreamweaver 8 with Tomcat

    I am trying to connect my db to my test webpage with Dreamweaver 8. I get to the connection of the database and I am getting lost. First it asks for the db2, sql, mysql.... I am using Squirrel SQL. So would I click on the custom jdbc connection? Second, it asks for driver and URL; I'm not sure what I should put in here. I am running this under Tomcat.

    I would try to find a Dreamweaver forum if I were you.

  • Getting Run-time error when using Client ADI with Office 2010

    Hi,
    We are unable to import journals from Client ADI when using Office 2010.
    Please let me know how to resolve this issue.
    Thanks,
    Pooja

    Duplicate post -- Client ADI display A runtime error in Office 2010

  • Using OCI driver with Tomcat for JSP?Servlets

    We have a need to switch to OCI drivers instead of the JDBC thin driver. Our Tomcat is running on Sun and Linux platforms. Does anyone have real world experience in terms of configuring the OCI driver and connection pooling? Please help to provide some configuration tips.

    You should repost this in the JDBC forum here on OTN so that you can get some better expertise in this area.
    The URL is http://forums.oracle.com/forums/forum.jsp?forum=99
    Hope this helps,
    Rob

  • CLIENT-CERT authentication in WL7

    Hi,
    I'm trying to enforce two-way authentication for clients (java applications) accessing
    a web service running on WL7.
    Web service is configured to accept requests over https only. With BASIC authentication
    it works. When I
    switch it to use CLIENT-CERT authentication I cannot connect to the web service.
    I've set the
    "javax.net.debug" directive to "ssl" and noticed that during the handshake procedure
    the server doesn't
    produce client certificate request. May it be the cause of the problem? If so,
    how can I make the server to
    generate client cert request?

    Exactly, it was the reason. Thanks.
    Marcin
    On 14 Nov 2003 10:29:39 -0700, Pavel <[email protected]> wrote:
    >
    You must have been accessing the server over one-way SSL. Make sure the
    two-way
    ssl server attribute is set to: Client Certificate Enforced, or Client
    Certificate
    Requested But Not Enforced.
    This should be all that is needed to make the server send the
    certificate request.
    With Client Certificate Enforced option you should be getting ssl
    handshake failure
    unless the client sends its certificate.
    Pavel.
    yazzva <[email protected]> wrote:
    Yes, I have. If I had not done it, I couldn't have accessed the service
    via https using basic authentication, and of course ssl debugging
    information and server configuration show that ssl is configured
    properly.
    The problem is that WL7 doesn't generate client cert request. Thanks
    for
    an attempt to help.
    Have you configured the server for two way ssl?
    See
    http://e-docs.bea.com/wls/docs70/security/SSL_client.html#1029705
    http://e-docs.bea.com/wls/docs70/secmanage/ssl.html#1168174
    for information on this.
    Pavel.
    "yazzva" <[email protected]> wrote:
    Hi,
    I'm trying to enforce two-way authentication for clients (java
    applications)
    accessing
    a web service running on WL7.
    Web service is configured to accept requests over https only. With
    BASIC
    authentication
    it works. When I
    switch it to use CLIENT-CERT authentication I cannot connect to the web
    service.
    I've set the
    "javax.net.debug" directive to "ssl" and noticed that during the
    handshake
    procedure
    the server doesn't
    produce client certificate request. May it be the cause of the
    problem?
    If so,
    how can I make the server to
    generate client cert request?
    --
    Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

  • CLIENT-CERT - UserNameMapper problem

    Hi,
    I have a client, which sends a soap-message, containing a username, to a
    webservice, that responds with "hello, <username>". The communication
    is over ssl. The webservice is running in a weblogic server 7.0 sp1.
    I have 2-way ssl working. Now I'm trying to restrict access to the
    web-service.
    I changed the web.xml of the web-service to require BASIC as
    auth-method. This works fine.
    Then I changed BASIC to CLIENT-CERT in the web.xml.
    I changed the active type of the defaultIdentityAsserter to X.509.
    I implemented a UserNameMapper class, which prints data of the presented
    certificate, and returns a username, that exists in the
    embedded-ldap-realm of weblogic server, and that has the right to
    execute the webservice (it works with BASIC auth).
    I put the name of the UserNameMapper class in the
    defaultIdentityAsserter, and I included it in my classpath.
    The UserNameMapper is working, because the data of the certificate is
    printed on stdout. But I get a 401 (Unauthorized)-error code when trying
    to access the web-service.
    Can someone give me a hint on what I'm missing?
    Thanks,
    Noella
    ************* code of UserNameMapper *********************
    import java.security.cert.*;

    public class VZNUserNameMapper implements
            weblogic.security.providers.authentication.UserNameMapper {
        public VZNUserNameMapper() {
        }

        // Prints the subject DN of the first certificate in the chain, then
        // maps every presented certificate to the fixed user "noella".
        public String mapCertificateToUserName(X509Certificate[] certs,
                boolean ssl) {
            System.out.println(certs[0].getSubjectDN().toString());
            return "noella";
        }

        // Distinguished-name mapping is not used here.
        public String mapDistinguishedNameToUserName(byte[]
                distinguishedName) {
            return null;
        }
    }

    Thanks it worked. Somehow I missed in documentation this x.509 setting.
    I've also had a problem with setting "Client Certificate Requested But Not Enforced"
    in WLS 7.0.0 but it seems to be working fine in SP1.
    Thanks again
    Greg
    "kirann" <[email protected]> wrote:
    hi,
    I believe you need to turn on x.509 Identity Assertion in the server
    console..
    Please check the documentation.
    thanks
    kiran
    "Greg" <[email protected]> wrote in message
    news:3e243a25$[email protected]..
    Hi!
    I'm trying to set up my web application to use client-cert
    authentication. I've set in web.xml login config to
    <auth-method>CLIENT-CERT</auth-method>. When I'm accessing my
    application I'm always getting 401 Unauthorized. If I set
    login to BASIC, browser pops up login dialog and everything works
    fine.
    I've done following:
    - created and installed in WLS trusted CA certificate
    - created and installed client certificate signed by that CA in
    IE 5.5
    - configured WLS to use ssl and set "Client Certificate Enforced"
    - managed to connect to document root or console application
    using https://localhost:7002/console and verified that actually client
    certificate
    is used (not able to connect without one)
    Now I'm really stuck and have no ideas.
    Please help. Thanks in advance.
    Greg

  • Client Cert Authentication

    Is there any documentation that explain how to set up iAS 6.0 SP3 to use
    Client Cert Authentication?
    Thanks in advance,
    Jose.

    Hi,
    I am not able to understand what "client cert authentication" means can
    you please elaborate more on this. If this means authorization process by
    any chance, then iAS uses LDAP that is bundled along with iAS to
    authenticate. There is no other means to validate the users.
    Regards
    Raj
    Jose Raya wrote:
    Is there any documentation that explain how to set up iAS 6.0 SP3 to use
    Client Cert Authentication?
    Thanks in advance,
    Jose.

  • Client-cert sample webapp doesn't work?

    In trying to understand how one can use client certificates with a Java webapp in the WS7, I figured I would start with the sample that comes with WS7 (in samples/java/webapps/security/client-cert). Unfortunately, the sample doesn't seem to work. I can install it just fine, and it runs, but it doesn't do what it is supposed to do. When I access the servlet from my browser, I see the message "Welcome to our Certificate secure zone." Unfortunately, it let me access this page without ever prompting me for a certificate, so it's not actually a certificate secure zone. I double-checked in the access logs to see, and sure enough index.jsp is being delivered to an unauthenticated user.
    When I examine the web.xml deployment descriptor, it's not clear to me that it should work. Here's the web.xml:
    <web-app>
      <display-name>Welcome to Certificate Security Zone</display-name>
      <servlet>
        <servlet-name>clientcert</servlet-name>
        <display-name>clientcert</display-name>
        <jsp-file>/index.jsp</jsp-file>
      </servlet>
      <session-config>
        <session-timeout>30</session-timeout>
      </session-config>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>clientcert security test</web-resource-name>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
      </security-constraint>
      <login-config>
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>certificate</realm-name>
      </login-config>
    </web-app>
    This web.xml seems to imply that the mere presence of a login-config will secure the entire app. The servlet specification seems a bit vague on this point, but since there isn't any auth-constraint in the security-constraint, I don't think the login-config ever applies. I think the login-config only comes into play when a security-constraint requires authentication.
    What am I missing in my understanding of the web.xml?
    What might prevent this simple sample from working properly? Could there be some other ACL or web server setting that overrides?
    Thanks,
    Tom

    If URI is not a protected resource and you want client authentication, you should use server.xml <ssl><client-auth>...</client-auth></ssl> instead of PathCheck line as I told. Value can be set to "required" or "optional".
    However, if URL is a protected resource you DO NOT HAVE to add PathCheck or client-auth element in server.xml.
    After installing client-cert sample application using ant and ant deploy, here is what you have to do to make it work :
    1) Add in http-listener element in instance's server.xml :
       <ssl><enabled>true</enabled></ssl>
    2) Make sure you have a certificate named "Server-Cert" in NSS db in <ws-install-dir>/https-<instance-name>/config or change the certificate name appropriately in server.xml.
    3) To make it a protected resource, web.xml should have :
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
    <web-app>
      <display-name>clientcert</display-name>
      <servlet>
        <servlet-name>clientcert</servlet-name>
        <display-name>clientcert</display-name>
        <jsp-file>/index.jsp</jsp-file>
      </servlet>
      <session-config>
        <session-timeout>30</session-timeout>
      </session-config>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Protected Area</web-resource-name>
          <url-pattern>/*</url-pattern>
          <http-method>DELETE</http-method>
          <http-method>POST</http-method>
          <http-method>GET</http-method>
          <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>*</role-name>
        </auth-constraint>
      </security-constraint>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Protected Area</web-resource-name>
          <url-pattern>/roleprotected/*</url-pattern>
          <http-method>DELETE</http-method>
          <http-method>POST</http-method>
          <http-method>GET</http-method>
          <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>TestRoleOne</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>CLIENT-CERT</auth-method>
      </login-config>
      <security-role>
        <role-name>TestRoleOne</role-name>
      </security-role>
    </web-app>
    4) And sun-web.xml should have :
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_3-0.dtd">
    <sun-web-app>
    <security-role-mapping>
       <role-name>TestRoleOne</role-name>
       <principal-name>[email protected], CN=Franzl Alpha, UID=alpha, OU=People, O=TestCentral, C=US</principal-name>
    </security-role-mapping>
    </sun-web-app>
    You will be able to access http://<host-name>:<port>/ without sending client certificate from the browser.
    Now create client certificate and import this certificate in your browser.
    Access from the browser, http://<host-name>:<port>/webapps-certificatebased-security/index.jsp browser should prompt for cert selection (if so configured) and the application should get certificate.
    P/S I have tested it. It works for me this way (without adding <ssl><client-auth> or PathCheck directive).
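
The point raised in this thread, that a login-config only takes effect when some security-constraint carries an auth-constraint, can be checked mechanically. The following is an added example, not part of the original posts or any server's own tooling: a small Python audit of a web.xml that also reports constraints listing http-method elements, since such a constraint covers only the listed methods. The function name audit_web_xml and both sample descriptors (abridged from the ones quoted above) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples, abridged from the two descriptors quoted in the thread.
SAMPLE_AS_SHIPPED = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>clientcert security test</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""

SAMPLE_WITH_AUTH_CONSTRAINT = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""


def _local(tag):
    """Drop any XML namespace so DTD-based and schema-based descriptors both match."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]


def _texts(elem, name):
    return [(c.text or "").strip() for c in elem.iter() if _local(c.tag) == name]


def audit_web_xml(xml_text):
    """Return (auth_method, findings) for a web.xml deployment descriptor."""
    root = ET.fromstring(xml_text)
    declared = [m for lc in _children(root, "login-config")
                for m in _texts(lc, "auth-method")]
    auth_method = declared[0] if declared else None
    findings, enforcing = [], 0
    for sc in _children(root, "security-constraint"):
        patterns = _texts(sc, "url-pattern")
        listed = sorted(_texts(sc, "http-method"))
        if not _children(sc, "auth-constraint"):
            # Without an auth-constraint the container never asks who the caller is.
            findings.append(f"{patterns}: no auth-constraint, so no login is required")
            continue
        enforcing += 1
        if listed:
            # A constraint that names methods applies to those methods only.
            findings.append(f"{patterns}: only {listed} are constrained; "
                            "other HTTP methods are not covered")
    if auth_method and enforcing == 0:
        findings.append(f"login-config {auth_method} is never triggered: "
                        "no security-constraint has an auth-constraint")
    return auth_method, findings


if __name__ == "__main__":
    for name, doc in (("as shipped", SAMPLE_AS_SHIPPED),
                      ("with auth-constraint", SAMPLE_WITH_AUTH_CONSTRAINT)):
        method, notes = audit_web_xml(doc)
        print(name, method, *notes, sep="\n  ")
```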

  • Testing exampleswebapp/SnoopServlet.jsp on https and client-cert

    HI All:
    I am trying to setup 2-way authentication in wls7.0. I have not been able to pin
    down all the requirements for using client-cert authentication with 2-way authentication.
    I have done the following:
    1. enabled client certificate enforced under SSL tab
    2. specified client-cert as login mechanism in web.xml
    3. specified a security constraint and "INTEGRAL" as the transport mode for the
    URL pattern /SnoopServlet.jsp
    4. installed CertGenCA.der and client2certs.der, certificates
    for CA and client (generated using utils.CertGen) in the browser
    when I hit the jsp I get a page cannot be displayed.
    Any ideas what settings are wrong?
    TIA,
    -Sandeep

    Hi Sandeep,
    You did not mention the following necessary step.
    - Configure the Trusted CA File Name for the client cert
    If this step does not help, you can enable server-side
    debugging by setting the following property on the java
    command line when starting WebLogic.
    -Dssl.debug=true
    I hope this helps.
    Regards,
    Tom Hegadorn
    Developer Relations Engineer
    BEA Support
    "Sandeep " <[email protected]> wrote:
    >
    HI All:
    I am trying to setup 2-way authentication in wls7.0. I have not been
    able to pin
    down all the requirements for using client-cert authentication with 2-way
    authentication.
    I have done the following:
    1. enabled client certificate enforced under SSL tab
    2. specified client-cert as login mechanism in web.xml
    3. specified a security constraint and "INTEGRAL" as the transport mode
    for the
    URL pattern /SnoopServlet.jsp
    4. installed CertGenCA.der and client2certs.der, certificates
    for CA and client (generated using utils.CertGen) in the browser
    when I hit the jsp I get a page cannot be displayed.
    Any ideas what settings are wrong?
    TIA,
    -Sandeep

  • CLIENT-CERT Optional

    Is there a way to request but not require a client certificate? Not all of our users have digital certificates, so I can not enforce the client-cert method. Is there a way to request a client cert after ssl has been established?
    Any ideas would be appreciated.
    Mark

    Thanks - I am using Tomcat on Windows 2003 and XP.
    I have only been able to get Tomcat to use client-certs or not. The Servlet spec seems to indicate the same, but I was hoping there was an optional way.
    Thanks,
    Mark
