Shankar Unni wrote:
However, I'm stuck trying to retrieve the client certificate from the
ServletRequest in the servlet itself.
Never mind - I had botched the truststore setup for the server, so the
client cert was not being passed in.
Answer for the archives:
import java.security.cert
Shankar Unni wrote:
However, I'm stuck trying to retrieve the client certificate from the
ServletRequest in the servlet itself.
Q: How do I get to the client's X.509 certificate? Help!
I forgot to mention: the attributes that I do see in HttpServletRequest are:
req attrName = javax.servlet
I'm using Tomcat 5.5.17's HTTPS connector, with clientAuth set to "want".
(Note: I don't want Tomcat to do the authentication itself - I simply
want to pass the client cert to the servlet for its own use; I'm trying
to set up an *optional* client-cert-based authentication setup that can
fall b
