hi,
it's true that there is no 'step-by-step' howto for tomcat, but there
are many other ssl (and client auth) howtos which you can use for tomcat.
the only thing is just a little bit of searching and reading about ssl,
CA, X509 certificates, certification chains ...
i have succesfully
first of all: use jdk1.4.x !!! i found a bug in the old implementatin.
if someone is interrested i can search in my archive to describe the bug.
here is how to patch the tomcat 4.1.x to handle to make client
authentication 'optional':
in the java class:
:49
To: Tomcat Users List
Subject: Re: Tomcat SSL mutual authentication: Nobody's got a clue?
first of all: use jdk1.4.x !!! i found a bug in the old implementatin.
if someone is interrested i can search in my archive to describe the bug.
here is how to patch the tomcat 4.1.x to handle to make
. I assume you import the
client certificate into the server trustore. How does the server know where
to look for this truststore ?
Thanks
Dave
-Original Message-
From: joe [mailto:[EMAIL PROTECTED]
Sent: 26 March 2003 08:49
To: Tomcat Users List
Subject: Re: Tomcat SSL mutual
That about sums it up. We are looking at client certs also.
The Tomcat docs say how to turn on client authentication, but
there is not much out there on hooking up to a CA and verifying
against a CRL.
All of that is beyond the scope of this list and dives deep into
the realm of JCE.
We are
Hi,
No, the Tomcat docs only says how to turn on the
*server* authentication, i.e., how to run Tomcat in
SSL mode. It does not mention how to have the client
also pass over its certificate to the Web server.
You have an idea about how to turn on client cert?
--- Norris Shelton [EMAIL