2 Replies Latest reply on May 30, 2008 7:57 AM by Graham Bause

    Renegotiate SSL connection to send a certificate from SmartC

    Graham Bause Newbie

      hi folks!

      I'm running into difficulties here trying to configure an authentication via certificate.
      I've configured communication between (a plugin on) Apache 2.2 and my Tomcat (under JBoss) via SSL, which works fine. When I open my login page, which expects a certificate it can authenticate, everything's working, because Tomcat requested the certificate on SSL establishment (clientAuth="want").

      But here's the problem:

      We keep our certificates on a SmartCard. So if I open the login page my browser requests a PIN for the card and, if successfull, let's me choose the certificate to submit. But this only works, if my smartcard is inserted into my cardreader before I access the login page (when the SSL connection between Apache and Tomcat is beeing established). If I insert the card after the SSL connection was created, tomcat does not request my certificate anymore and as a result my login page doesn't receive my certificate and can not authenticate.

      My idea for a solution is to terminate the SSL connection between Apache and Tomcat when I browse to the login page an reestablish it at once, to be asked for the certificate by my Tomcat. Maybe a Servlet could do that job for me. But I'm not quite sure how, because I don't know how to get the SessionID of the SSL connection.

      Help! ARGH! :-) Please reply, if you have any ideas for me...

      Thanks in advance
      Graham