How to set up Tomcat as a client (not a server) for mutual SSL


How to set up Tomcat as a client (not a server) for mutual SSL

Jean Pierre Urkens
I've a web application deployed under Tomcat-8.5.30 that sends web service
(SOAP) requests (using Axis 1.4 framework) to another web server.

The target server applies mutual SSL and the SSL handshake fails on finding
an appropriate client certificate as requested by the server.

 

I can't seem to figure out how to tell Tomcat which client certificate to
use when requested to send its client certificate during the handshake.

 

Any help is appreciated

 


Re: How to set up Tomcat as a client (not a server) for mutual SSL

markt
On 31/05/18 14:20, Jean Pierre Urkens wrote:
> I've a web application deployed under Tomcat-8.5.30 that sends web service
> (SOAP) requests (using Axis 1.4 framework) to another web server.
>
> The target server applies mutual SSL and the SSL handshake fails on finding
> an appropriate client certificate as requested by the server.
>
> I can't seem to figure out how to tell Tomcat which client certificate to
> use when requested to send its client certificate during the handshake.

This isn't Tomcat configuration. Tomcat plays no part in the outgoing
connection. You configure the connection for mutual TLS the same way you
would if you were writing a standalone client.

Personally, I'd use the API rather than the system properties but the
choice is yours.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: How to set up Tomcat as a client (not a server) for mutual SSL

Christopher Schultz-2

Mark,

On 5/31/18 10:19 AM, Mark Thomas wrote:

> On 31/05/18 14:20, Jean Pierre Urkens wrote:
>> I've a web application deployed under Tomcat-8.5.30 that sends
>> web service (SOAP) requests (using Axis 1.4 framework) to another
>> web server.
>>
>> The target server applies mutual SSL and the SSL handshake fails
>> on finding an appropriate client certificate as requested by the
>> server.
>>
>> I can't seem to figure out how to tell Tomcat which client
>> certificate to use when requested to send its client certificate
>> during the handshake.
>
> This isn't Tomcat configuration. Tomcat plays no part in the
> outgoing connection. You configure the connection for mutual TLS
> the same way you would if you were writing a standalone client.
>
> Personally, I'd use the API rather than the system properties but
> the choice is yours.

+1

When configuring using system properties, you modify the behavior of
the entire JVM.

Unfortunately, while Java provides all of the tools you need, many
operations require a lot of needlessly verbose code.

I can reply later with some useful information, having just
standardized our TLS connection information across many different
kinds of API accesses with a single class that handles the configuration.

-chris
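The API route recommended in the replies above, as an added example (not code from the thread, Tomcat or Axis): it builds an `SSLContext` for one outgoing connection and always presents one chosen client certificate, instead of setting the JVM-wide `javax.net.ssl.keyStore` system properties. The class name, method names, PKCS#12 store format and alias parameter are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

/** Added example (hypothetical class): per-connection mutual TLS client configuration. */
public final class MutualTlsClient {

    // Loads a PKCS#12 store; path and password are supplied by the caller.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // clientKeys holds the client certificate and private key; trusted holds the CAs
    // used to verify the server. alias names the one key entry to present.
    static SSLContext build(KeyStore clientKeys, char[] keyPassword, String alias, KeyStore trusted)
            throws Exception {
        if (!clientKeys.isKeyEntry(alias)) {
            throw new IllegalArgumentException("no private key entry for alias " + alias);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, keyPassword);
        X509KeyManager base = (X509KeyManager) kmf.getKeyManagers()[0];
        // Answer the server's certificate request with the configured alias only.
        // If the server does not accept that certificate's issuer, the handshake still fails.
        X509KeyManager pinned = new X509ExtendedKeyManager() {
            public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket s) { return alias; }
            public String chooseEngineClientAlias(String[] t, Principal[] i, SSLEngine e) { return alias; }
            public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) { return null; }
            public String[] getClientAliases(String keyType, Principal[] issuers) { return new String[] {alias}; }
            public String[] getServerAliases(String keyType, Principal[] issuers) { return null; }
            public X509Certificate[] getCertificateChain(String a) { return base.getCertificateChain(a); }
            public PrivateKey getPrivateKey(String a) { return base.getPrivateKey(a); }
        };
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] {pinned}, tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

`build(...).getSocketFactory()` yields the `SSLSocketFactory` for the client library making the outgoing call; how Axis 1.4 is told to use it is not covered in this thread.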


Re: Re: How to set up Tomcat as a client (not a server) for mutual SSL

GaoFeng_it@139.com
In reply to this post by markt
How to unsubscribe to tomcat



[hidden email]
 
From: Mark Thomas
Date: 2018-05-31 22:19
To: Tomcat Users List
Subject: Re: How to set up Tomcat as a client (not a server) for mutual SSL
On 31/05/18 14:20, Jean Pierre Urkens wrote:
> I've a web application deployed under Tomcat-8.5.30 that sends web service
> (SOAP) requests (using Axis 1.4 framework) to another web server.
>
> The target server applies mutual SSL and the SSL handshake fails on finding
> an appropriate client certificate as requested by the server.
>
> I can't seem to figure out how to tell Tomcat which client certificate to
> use when requested to send its client certificate during the handshake.
 
This isn't Tomcat configuration. Tomcat plays no part in the outgoing
connection. You configure the connection for mutual TLS the same way you
would if you were writing a standalone client.
 
Personally, I'd use the API rather than the system properties but the
choice is yours.
 
Mark
 