Re: user-friendly failed client authentication

2015-05-08 Thread Violeta Georgieva
Hello,

2015-05-07 20:54 GMT+03:00 Johannes jo...@posteo.de:



 Hello.

 I'm using Tomcat 7.0 with Java 7.0.
 I'm trying to create a webapp which needs client certificate
 authentication.
 Normal client certificate authentication works well and I can compute
 the desired certificate data. The clientauth parameter in the https
 connector is set to false. In my webapp, a security-constraint is
 registered for a URL space, like /secure/*.

 If authentication fails, an ugly browser error page occurs. A new
 authentication attempt can only be made after reopening the browser.

 I already noticed that when setting the server-wide clientauth to want,
 I receive a Tomcat 401 HTTP error page (which can be customized) if no
 client certificate was found on a protected resource. But entering a bad
 passphrase shows an ugly browser error page again.

 Is there a way to deal with that? I believe the user acceptance will be
 low with that behavior.

Consider providing your own error pages; that way you can set them up with
your company branding.

Best Regards,
Violeta

 Best regards Johannes.



Re: user-friendly failed client authentication

2015-05-08 Thread Johannes
Thanks for your reply.

This would be one possibility. I tried to realize this, but in some
cases a browser-specific error page is displayed instead of a
customizable Tomcat error page. For example, if clientauth=true is set
in the server.xml, you don't get any HTTP error codes.

OK, the HTTP traffic happens after SSL authentication, so I can
imagine that this has good reasons.

But maybe there is a way...





On 08.05.2015 at 08:28, Violeta Georgieva wrote:
 Hello,
 
 2015-05-07 20:54 GMT+03:00 Johannes jo...@posteo.de:

 Hello.

 I'm using Tomcat 7.0 with Java 7.0.
 I'm trying to create a webapp which needs client certificate
 authentication.
 Normal client certificate authentication works well and I can compute
 the desired certificate data. The clientauth parameter in the https
 connector is set to false. In my webapp, a security-constraint is
 registered for a URL space, like /secure/*.

 If authentication fails, an ugly browser error page occurs. A new
 authentication attempt can only be made after reopening the browser.

 I already noticed that when setting the server-wide clientauth to want,
 I receive a Tomcat 401 HTTP error page (which can be customized) if no
 client certificate was found on a protected resource. But entering a bad
 passphrase shows an ugly browser error page again.

 Is there a way to deal with that? I believe the user acceptance will be
 low with that behavior.
 
 Consider providing your own error pages; that way you can set them up with
 your company branding.
 
 Best Regards,
 Violeta
 
 Best regards Johannes.
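
The setup discussed in this thread, written out as an added example (it is not from either poster or from the Tomcat project): a connector with `clientAuth="want"` and a `web.xml` that protects `/secure/*` with CLIENT-CERT and maps the resulting 401 to a custom page. The port, keystore and truststore paths, passwords, the role name `certuser` and the page location `/errors/no-cert.html` are assumptions.

```xml
<!-- conf/server.xml (fragment). Paths and passwords are placeholders. -->
<!-- clientAuth="want": the certificate is requested during the TLS
     handshake but is optional, so a client without one still reaches
     the HTTP layer and Tomcat can answer with a 401.
     clientAuth="true": the handshake itself is refused without a valid
     certificate. No HTTP response is ever sent, so no error-page
     mapping can apply and the browser shows its own TLS error. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           sslProtocol="TLS"
           keystoreFile="conf/server-keystore.jks"
           keystorePass="CHANGE_ME"
           truststoreFile="conf/client-ca-truststore.jks"
           truststorePass="CHANGE_ME"
           clientAuth="want" />

<!-- WEB-INF/web.xml (fragment). The role name is hypothetical. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Certificate-protected area</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>certuser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

<security-role>
  <role-name>certuser</role-name>
</security-role>

<!-- Custom page for the 401 sent when no usable certificate arrived.
     It lives outside /secure/* so it can be served unauthenticated. -->
<error-page>
  <error-code>401</error-code>
  <location>/errors/no-cert.html</location>
</error-page>
```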

 



