I have set up a Tomcat 7.0 application server with mutual (client/server) authentication over SSL. To set up this configuration I needed to create a .jks file for the server and a .pks certificate for my web browser. After configuring the server.xml file in Tomcat I have mutual authentication and SSL working. Now I am attempting to grab the certificate in a servlet; however, I cannot seem to grab the certificate from the request in the servlet. I can set up a filter that successfully pulls the certificate from the request. Can anyone provide me with a configuration/code that would allow me to grab the certificate from the servlet? I would also accept a reason for why I cannot get the certificate in the servlet.
Server.xml
    <Connector
        clientAuth="true" port="8443" protocol="HTTP/1.1" SSLEnabled="true"
        scheme="https" secure="true"
        keystoreFile="C:/Users/Kevin Bowersox/Desktop/Development/My Certs/server.jks"
        keystoreType="JKS" keystorePass="notmypassword"
        truststoreFile="C:/Users/Kevin Bowersox/Desktop/Development/My Certs/server.jks"
        truststoreType="JKS" truststorePass="notmypassword"
        SSLVerifyClient="require" SSLVerifyDepth="2" sslProtocol="TLS"
    />
MyServlet.java - This throws a RuntimeException because certificate is not found when hitting url: https://localhost:8443/Sample_Application/MyServlet
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        if (null != certs && certs.length > 0) {
            System.out.println("cert found");
        }
        throw new RuntimeException("No X.509 client certificate found in request");
    }
MyServlet Mapping
    <servlet>
        <description>
        </description>
        <display-name>MyServlet</display-name>
        <servlet-name>MyServlet</servlet-name>
        <servlet-class>MyServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>MyServlet</servlet-name>
        <url-pattern>/MyServlet</url-pattern>
    </servlet-mapping>
MyFilter.java - Returns "cert found" when hitting url: https://localhost:8443/Sample_Application/test.jsp
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        if (null != certs && certs.length > 0) {
            System.out.println("cert found");
        }
        //throw new RuntimeException("No X.509 client certificate found in request");
        chain.doFilter(request, response);
    }
My Filter Mapping
    <filter>
        <description>
        </description>
        <display-name>MyFilter</display-name>
        <filter-name>MyFilter</filter-name>
        <filter-class>MyFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>MyFilter</filter-name>
        <url-pattern>*.jsp</url-pattern>
    </filter-mapping>
Mutual TLS, or mTLS for short, is a method for mutual authentication. mTLS ensures that the parties at each end of a network connection are who they claim to be by verifying that they both have the correct private key. The information within their respective TLS certificates provides additional verification.
Client Java Implementation
First, we create an SSLSocket that establishes a connection with the server. In the background, the socket will set up the TLS connection establishment handshake. As part of this handshake, the client will verify the server's certificate and check that it's in the client truststore.
It is working. However, the Servlet is coded to always throw the RuntimeException, so it looks like it isn't working.