aspose file tools*
The moose likes Tomcat and the fly likes Apache HTTPs Configuration Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Apache HTTPs Configuration" Watch "Apache HTTPs Configuration" New topic
Author

Apache HTTPs Configuration

Sudhakar Krishnamurthy
Ranch Hand

Joined: Jun 02, 2003
Posts: 76
I have a Apache server that is configured to authenticate clients for a certain URL while the other clients are not authenticated.

Now when a client is trying to get a file from /myServlet/FileServlet/ location I expect the server to send a request to obtain the client certificate, while if the client is attempting to get a file from other locations no client authentication should be performed.

The behavior I am seeing is when the client comes in to the secure location with a HTTPS GET request, SSL handshake occurs without the server requesting for certificate, then I see that the HTTP GET request coming through to HTTP layer and then the server initiates another SSL handshake(re-negotiation) during which the server is requesting for the client certificate. My client is NOT a browser, it's a HTTPS client in C developed by someone else to support few basic HTTPS commands. Now my question is, is this the standard behavior or should the server be requesting the certificate in the first SSL handshake process?? If this is not the standard way of handling then is their something in the apache configuration that I am missing. Can someone please help me out.
TIA
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Apache HTTPs Configuration
 
Similar Threads
SSL and Apache
mutual authentication won't work
Custom Proxy server handling both http and https?
Servlet read file how to expose URL as https
SSL V3 with Tomcat