Hi All,

I'm using Tomcat 7 with APR. I have HttpServletRequest from which I get client certificate.

X509Certificate[] clientCertificates = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
  • when I do full SSL handshake, clientCertificates are returned correctly,
  • when I do Session identificator handshake, clientCertificates are returned correctly too,
  • but when is TLS SessionTicket mechanism used, then no client certificate is returned to me.

I need this certificate to identify which client is sending the request.

Does anybody know how to get it by Java? Or another solution could be disable TLS SessionTicket on Tomcat, then the communication will use Session Identificator and my problem will be solved.

Thank You in advance.

3 Years
Discussion Span
Last Post by soudruhcz

When I used BIO instead of APR, SessionTicket mechanism is not used. So it's solved.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.