Hi, everyone,

I set up two Tomcat servers. Server 1 is using client authentication. I set the server.xml like this:

    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS"
               keystoreFile="C:/work/server1/tomcat1.keystore"
               keystorePass="password"
               truststoreFile="C:/work/server1/tomcat1.keystore"
               truststorePass="password" />

and I deployed a web service on it. When I visit the service, the server asks me to give out the client certification. That means client authentication worked.
Server 2 is not using client authentication. I set the server.xml like the following:

    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:/work/server2/tomcat2.keystore"
               keystorePass="password" />

The certifications I used are CA cert, server1 cert, server2 cert. Both server1 cert and server2 cert are issued by CA. CA cert was imported to the jdk/jre/lib/security/cacert on the two servers.

Server 2 has a servlet that invokes the web service on server 1. So, server 2 needs to provide its certification to server 1 when it invokes the web service. When I navigate to the servlet, it does not work. I do not know how to set up server 2 to automatically provide its certification to server 1 when it is asked to provide it.

Waiting for your ideas~

Many thanks!
Zhu quan xin