Hi Dustin, If you're running within Tomcat (or other servlet containers), it's Tomcat that deals with the SSL connector, not the Restlet connector. Therefore, this setup has nothing to do with what's on the Restlet wiki regarding SslContextFactories (which are only for connections with a direct connector in Restlet). You should follow the Tomcat SSL documentation for this instead.
If you want to use client-certificate authentication, the Servlet connector (of Restlet) relays the certificate chain (same as with the other connectors), so you can get it from the "org.restlet.https.clientCertificates" attribute in the Request: this is a List of certificates (whereas "javax.servlet.request.X509Certificate" is an array in Servlets). Best wishes, Bruno. Dustin N. Jenkins wrote: > I'm using Java 1.6, RESTlet 2.0M6, Tomcat 6.0.20, on a Linux system. > > My Tomcat runs a Connector on port 8443 to support HTTPS connections, > and my Apache configuration is proxying to it. It's not using the AJP, > but just with Redirects. > > I'm not sure how to setup SSL Certificates with my REST application. > For the BASIC authentication with HTTP, one would use a ChallengeGuard, > for example, but with HTTPS, do we still need a Guard in place to check > for certificates? > > The setup has me confused too. See here: > http://wiki.restlet.org/docs_2.0/13-restlet/28-restlet/153-restlet.html > > Do I need to configure a Server bean to look on the 8443 port that > Tomcat already has open? I assume a SSLContextFactory of some kind > needs to be configured. > > Has anyone got HTTPS Certificates working? Is there a guide for it? > > Thanks, > Dustin ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2425568
