[jboss-user] [Tomcat, HTTPD, Servlets & JSP] - Re: Why unable to get client certificate serial number?
waterhead77br
do-not-reply at jboss.com
Wed Jan 23 16:56:37 EST 2008
Hi,
I'm having the same issue. How did you solve it? Can't figure out how to setup Apache mod_jk + ajp13 + client cert chain.
Looking in the mod_jk.log in the debug mode. I have the following log:
The interesting thing is that the mod_jk doesn't send the whole certificate, it seems to truncate it.
Why does the mod_jk does it? Is it misconfigured?
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] uri_worker_map_update::jk_uri_worker_map.c (786): File /etc/httpd/conf/uriworkermap.properties is not modified
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] map_uri_to_worker::jk_uri_worker_map.c (678): Found session identifier ';jsessionid=rkx1vvqyIC4B9H24XVEogA**.node1' in url '/consignacao/inicial.do;jsessionid=rkx1vvqyIC4B9H24XVEogA**.node1'
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] map_uri_to_worker::jk_uri_worker_map.c (682): Attempting to map URI '/consignacao/inicial.do' from 10 maps
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] find_match::jk_uri_worker_map.c (503): Attempting to map context URI '/internet_base/*=loadbalancer' source 'uriworkermap'
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] find_match::jk_uri_worker_map.c (503): Attempting to map context URI '/jmx-console/*=loadbalancer' source 'uriworkermap'
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] find_match::jk_uri_worker_map.c (503): Attempting to map context URI '/web-console/*=loadbalancer' source 'uriworkermap'
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] find_match::jk_uri_worker_map.c (503): Attempting to map context URI '/consignacao/*=loadbalancer' source 'uriworkermap'
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] find_match::jk_uri_worker_map.c (516): Found a wildchar match '/consignacao/*=loadbalancer'
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] jk_handler::mod_jk.c (2222): Into handler jakarta-servlet worker=loadbalancer r->proxyreq=0
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] wc_get_worker_for_name::jk_worker.c (115): found a worker loadbalancer
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] wc_maintain::jk_worker.c (323): Maintaining worker loadbalancer
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] maintain_workers::jk_lb_worker.c (556): decay with 2^95
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] wc_get_name_for_type::jk_worker.c (292): Found worker type 'lb'
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] init_ws_service::mod_jk.c (775): SSL client certificate (5558 bytes): -----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgIERDVUhDANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQGEwJC
UjETMBEGA1UEChMKSUNQLUJyYXNpbDE1MDMGA1UECxMsQXV0b3JpZGFkZSBDZXJ0
...
skiping the whole certificate
...
Hcr23ijE9hMUvHrKpIQgHb6xIUa5WUFW1er+ms4ViuDgZSHWuwIi3dhXGlaLWkah
mGkm/0/nH+fd5KAK4tR234nc6iZ5Dg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISMjAwNjA0MDcxNTM2NDYwMDAxMA0GCSqGSIb3DQEBBQUA
MFAxCzAJBgNVBAYTAkJSMRMwEQYDVQQKEwpJQ1AtQnJhc2lsMSwwKgYDVQQDEyNB
...
skiping the whole certificate
...
YaAQAK0TZ14JCLipeAnivAoR+7OsIT9gk6JF+C2fQDkAWd/GX+PPsnSGJvUntoz/
CKCkL+YS/e1kh3EqUMEXYmTKZm9lwDpzZSPVdpRieCqQNtcjXm5R2L8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEODCCAyCgAwIBAgIBFTANBgkqhkiG9w0BAQUFADCBtDELMAkGA1UEBhMCQlIx
EzARBgNVBAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25h
...
skiping the whole certificate
...
Kr1tz8mC+Wd8WR8ieeWwcEDt7frV1vXHSeqA8n0QwaNWfYneDWqklcr7Z9Z6bu6B
yQfHRF6V/bSFpw6nZkYHZs7JO3w+3wmyJvc7Tg==
-----END CERTIFICATE-----
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] init_ws_service::mod_jk.c (888): Service protocol=HTTP/1.1 method=GET host=(null) addr=10.8.1.74 name=www.trt9.gov.br port=8443 auth=(null) user=(null) laddr=10.1.2.62 raddr=10.8.1.74 uri=/consignacao/inicial.do;jsessionid=rkx1vvqyIC4B9H24XVEogA**.node1
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] service::jk_lb_worker.c (940): service sticky_session=1 id='rkx1vvqyIC4B9H24XVEogA**.node1'
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] service::jk_lb_worker.c (962): service worker=node1 route=node1
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_get_endpoint::jk_ajp_common.c (2579): acquired connection pool slot=0
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_marshal_into_msgb::jk_ajp_common.c (553): ajp marshaling done
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_service::jk_ajp_common.c (2050): processing node1 with 2 retries
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_send_request::jk_ajp_common.c (1352): (node1) all endpoints are disconnected, detected by connect check (0), cping (0), send (0)
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] jk_open_socket::jk_connect.c (448): socket TCP_NODELAY set to On
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] jk_open_socket::jk_connect.c (548): trying to connect socket 19 to 10.1.2.62:8009
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] jk_open_socket::jk_connect.c (574): socket 19 connected to 10.1.2.62:8009
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connect_to_endpoint::jk_ajp_common.c (878): Connected socket 19 to (10.1.2.62:8009)
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): sending to ajp13 pos=4 len=6047 max=8192
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0000 12 34 17 9B 02 02 00 08 48 54 54 50 2F 31 2E 31 - .4......HTTP/1.1
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0010 00 00 41 2F 63 6F 6E 73 69 67 6E 61 63 61 6F 2F - ..A/consignacao/
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0020 69 6E 69 63 69 61 6C 2E 64 6F 3B 6A 73 65 73 73 - inicial.do;jsess
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0030 69 6F 6E 69 64 3D 72 6B 78 31 76 76 71 79 49 43 - ionid=rkx1vvqyIC
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0040 34 42 39 48 32 34 58 56 45 6F 67 41 2A 2A 2E 6E - 4B9H24XVEogA**.n
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0050 6F 64 65 31 00 00 09 31 30 2E 38 2E 31 2E 37 34 - ode1...10.8.1.74
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0060 00 FF FF 00 0F 77 77 77 2E 74 72 74 39 2E 67 6F - .....www.trt9.go
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0070 76 2E 62 72 00 20 FB 01 00 08 A0 01 00 03 2A 2F - v.br..........*/
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0080 2A 00 00 0F 41 63 63 65 70 74 2D 4C 61 6E 67 75 - *...Accept-Langu
.
.
.
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0190 31 00 07 15 B6 2D 2D 2D 2D 2D 42 45 47 49 4E 20 - 1....-----BEGIN.
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 01a0 43 45 52 54 49 46 49 43 41 54 45 2D 2D 2D 2D 2D - CERTIFICATE-----
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 01b0 0A 4D 49 49 46 73 6A 43 43 42 4A 71 67 41 77 49 - .MIIFsjCCBJqgAwI
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 01c0 42 41 67 49 45 52 44 56 55 68 44 41 4E 42 67 6B - BAgIERDVUhDANBgk
.
.
.
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 03e0 42 42 51 41 44 67 59 30 41 4D 49 47 4A 41 6F 47 - BBQADgY0AMIGJAoG
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 03f0 42 41 4E 4B 39 2F 79 2B 42 0A 49 65 4A 51 59 57 - BANK9/y+B.IeJQYW
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_send_request::jk_ajp_common.c (1395): (node1) request body to send 0 - request body to resend 0
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): received from ajp13 pos=0 len=47 max=8192
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0000 04 02 57 00 19 46 61 6C 68 61 20 69 6E 65 73 70 - ..W..Falha.inesp
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0010 65 72 61 64 61 20 6E 6F 20 6C 6F 67 69 6E 00 00 - erada.no.login..
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0020 01 A0 01 00 09 74 65 78 74 2F 68 74 6D 6C 00 00 - .....text/html..
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_unmarshal_response::jk_ajp_common.c (608): status = 599
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_unmarshal_response::jk_ajp_common.c (615): Number of headers is = 1
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_unmarshal_response::jk_ajp_common.c (671): Header[0] [Content-Type] = [text/html]
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): received from ajp13 pos=0 len=1173 max=8192
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0000 03 04 91 0D 0A 0D 0A 3C 21 44 4F 43 54 59 50 45 - .......<!DOCTYPE
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0010 20 68 74 6D 6C 0D 0A 50 55 42 4C 49 43 20 22 2D - .html..PUBLIC."-
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0020 2F 2F 57 33 43 2F 2F 44 54 44 20 58 48 54 4D 4C - //W3C//DTD.XHTML
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0030 20 31 2E 30 20 54 72 61 6E 73 69 74 69 6F 6E 61 - .1.0.Transitiona
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0040 6C 2F 2F 45 4E 22 0D 0A 22 68 74 74 70 3A 2F 2F - l//EN".."http://
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0050 77 77 77 2E 77 33 2E 6F 72 67 2F 54 52 2F 78 68 - www.w3.org/TR/xh
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0060 74 6D 6C 31 2F 44 54 44 2F 78 68 74 6D 6C 31 2D - tml1/DTD/xhtml1-
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0070 74 72 61 6E 73 69 74 69 6F 6E 61 6C 2E 64 74 64 - transitional.dtd
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0080 22 3E 0D 0A 0D 0A 3C 68 74 6D 6C 3E 0D 0A 09 3C - ">.......<
.
.
.
.
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ws_write::mod_jk.c (455): written 1169 out of 1169
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): received from ajp13 pos=0 len=4 max=8192
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0000 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): received from ajp13 pos=0 len=2 max=8192
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0000 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_process_callback::jk_ajp_common.c (1661): AJP13 protocol: Reuse is OK
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_reset_endpoint::jk_ajp_common.c (691): (node1) resetting endpoint with sd = 19
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_done::jk_ajp_common.c (2522): recycling connection pool slot=0 for worker node1
[Wed Jan 23 19:35:22 2008]loadbalancer www.trt9.gov.br 0.018127
[Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] jk_handler::mod_jk.c (2348): Service finished with status=599 for worker=loadbalancer
Thanks,
Rafael
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4122819#4122819
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4122819
More information about the jboss-user
mailing list