[foaf-protocols] FOAF+SSL: Simple Recipe to Create X.509 Client Certificates in PHP

Dirk-Willem van Gulik Dirk-Willem.van.Gulik at bbc.co.uk
Mon Jan 5 16:14:36 CET 2009


Bruno Harbulot wrote:

> I don't know how to make this re-negotiation happen in a Java Servlet
> container. I'm not sure if the Servlet specification allows for this
> mechanism (I haven't found anything). For this reason, I find making the
> cert request optional easier.

As far as I can see (after playing with it for a few minutes) - it works 
splendidly, with BouncyCastle, the SUN ones and if you have Apache httpd
sitting in front of it. In each case things like requesting the 
Principal then start returning valid info.

> This could be a problem for the user if the browser pops up a window for
> resources that are not protected (assuming automatic client-certificate
> selection is disabled), but that's then due to the choice of
> implementation on the server side (in this case, Java).

Agreed - if you have no default present - and you surf to something (or 
the page pulls in an image which is protected) you then get a popup.

Depending on whether a) you present one or b) the server insists on it 
(i.e. none, optional or required levels) - you then get, say, a broken 
image on your page.

If you want to play with this easily - fetch a copy of www.ejbca.org.

Dw
