Verify-client
From Resin 3.0
(Difference between revisions)
| (2 intermediate revisions by one user not shown) | |||
| Line 1: | Line 1: | ||
[[Category:Configuration]] [[Category:Security]] | [[Category:Configuration]] [[Category:Security]] | ||
| − | <verify-client> sets the client-certificate configuration for <[[openssl]]> and <[[jsse]]>. | + | <verify-client> sets the client-certificate configuration for <[[openssl]]> and <[[jsse-ssl]]>. |
| + | |||
| + | If the certificate is available, it will be put in the javax.servlet.request.X509Certificate request attribute. | ||
{| | {| | ||
| Line 14: | Line 16: | ||
|| optional-no-ca || ask for a client certificate, but do not validate the [[Certificate Authority]] | || optional-no-ca || ask for a client certificate, but do not validate the [[Certificate Authority]] | ||
|} | |} | ||
| + | |||
| + | ==== resin-web.xml ==== | ||
| + | |||
| + | <http port="443"> | ||
| + | <openssl> | ||
| + | <certificate-file>keys/gryffindor.crt</certificate-file> | ||
| + | <certificate-key-file>keys/gryffindor.key</certificate-file> | ||
| + | <password>changeme</password> | ||
| + | |||
| + | <verify-client>required</verify-client> | ||
| + | </openssl> | ||
| + | </http> | ||
Latest revision as of 18:01, 10 January 2006
<verify-client> sets the client-certificate configuration for <openssl> and <jsse-ssl>.
If the certificate is available, it will be put in the javax.servlet.request.X509Certificate request attribute.
| value | description |
|---|---|
| none | do not ask for a client certificate (default) |
| required | require a client certificate to access the page |
| optional | ask for a client certificate if availiable |
| optional-no-ca | ask for a client certificate, but do not validate the Certificate Authority |
[edit] resin-web.xml
<http port="443">
<openssl>
<certificate-file>keys/gryffindor.crt</certificate-file>
<certificate-key-file>keys/gryffindor.key</certificate-file>
<password>changeme</password>
<verify-client>required</verify-client>
</openssl>
</http>
