[jboss-user] [Tomcat, HTTPD, Servlets & JSP] - Renegotiate SSL connection to send a certificate from SmartC

grahambause do-not-reply at jboss.com
Fri May 30 05:16:55 EDT 2008

hi folks!

I'm running into difficulties here trying to configure an authentication via certificate. 
I've configured communication between (a plugin on) Apache 2.2 and my Tomcat (under JBoss) via SSL, which works fine. When I open my login page, which expects a certificate it can authenticate, everything's working, because Tomcat requested the certificate on SSL establishment (clientAuth="want"). 

But here's the problem:

We keep our certificates on a SmartCard. So if I open the login page my browser requests a PIN for the card and, if successfull, let's me choose the certificate to submit. But this only works, if my smartcard is inserted into my cardreader before I access the login page (when the SSL connection between Apache and Tomcat is beeing established). If I insert the card after the SSL connection was created, tomcat does not request my certificate anymore and as a result my login page doesn't receive my certificate and can not authenticate.

My idea for a solution is to terminate the SSL connection between Apache and Tomcat when I browse to the login page an reestablish it at once, to be asked for the certificate by my Tomcat. Maybe a Servlet could do that job for me. But I'm not quite sure how, because I don't know how to get the SessionID of the SSL connection.

Help! ARGH! :-) Please reply, if you have any ideas for me...

Thanks in advance

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4154549#4154549

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4154549

More information about the jboss-user mailing list