How to set LDAP ACI to servlets by IP addresses in Red Hat Certificate System 8.1

Solution Unverified - Updated -


  • In version 7.1 of Red Hat Certificate System, the HTTP engine was run with NES / Netscape Enterprise Server, and access control on URIs was done with configuration in files such as /opt/redhat-cs/httpacl/generated.cert-InstanceID.acl

  • For example, to filter by IP addresses on the URI /displayBySerial to search and display certificates by serial number, except from the IP addresses provided:

acl "uri=/displayBySerial";
authenticate (ip) {
     method = "SSL";
deny (all)
user = "anyone";
allow (all)
ip = ",";
  • The access control could be also done per users, groups.

  • The issue is how can some similar access control be done with Red Hat Certificate System version 8.1 that runs with Tomcat?


  • Red Hat Enterprise Linux 5
  • Red Hat Certificate System 8.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content