Win a copy of Svelte and Sapper in Action this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Read client certificate in Tomcat Server

Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have an app in a tomcat server, and I'm trying to read a client certificate. It's the first time I work with SSL, so probably I am doing something wrong. I don't want client validation, I just need to read the certificate content and send it to a webservice for validation and info retrieval. The problem is that I am unable to read the certificate content.

I already created a keystore and self-signed certificate for the server. The user certificate is on the browser (The user certificate is a valid one, not self-signed). The ssl connector configuration in server.xml is:

If I try to get the cipher suite : , I get the value TLS_DHE_DSS_WITH_AES_128_CBC_SHA

But when I try to read the certificates with , I just get a null value.

I have googled a little, and I read things such as that an Apache server is needed to retrieve the certificate, and then send it to Tomcat server. Is the Apache server really needed, or is Tomcat enough? In any case, what should I do to read the client certificates?

Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Roberto,
I don't have any problem getting the certificate chain with:

Maybe is because a missconfiguration. Have you tried changing clientAuth="true" instead of clientAuth="want" in your server.xml
Regards, Manu
Screaming fools! It's nothing more than a tiny ad:
the value of filler advertising in 2020
    Bookmark Topic Watch Topic
  • New Topic