File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Tomcat and the fly likes Apache HTTPs Configuration Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Apache HTTPs Configuration" Watch "Apache HTTPs Configuration" New topic

Apache HTTPs Configuration

Sudhakar Krishnamurthy
Ranch Hand

Joined: Jun 02, 2003
Posts: 76
I have a Apache server that is configured to authenticate clients for a certain URL while the other clients are not authenticated.

Now when a client is trying to get a file from /myServlet/FileServlet/ location I expect the server to send a request to obtain the client certificate, while if the client is attempting to get a file from other locations no client authentication should be performed.

The behavior I am seeing is when the client comes in to the secure location with a HTTPS GET request, SSL handshake occurs without the server requesting for certificate, then I see that the HTTP GET request coming through to HTTP layer and then the server initiates another SSL handshake(re-negotiation) during which the server is requesting for the client certificate. My client is NOT a browser, it's a HTTPS client in C developed by someone else to support few basic HTTPS commands. Now my question is, is this the standard behavior or should the server be requesting the certificate in the first SSL handshake process?? If this is not the standard way of handling then is their something in the apache configuration that I am missing. Can someone please help me out.
I agree. Here's the link:
subject: Apache HTTPs Configuration
It's not a secret anymore!