If you want to verify the client's cert, then Kovi's answer is correct. However, it's not up to the server to decide if it's own cert is Ok: It's up to the client to decide that she trusts you.
If your client is in Java, then you need to include the CA (aka Signer) cert in your apps TrustStore. Otherwise, you'll have to consult your software's documentation to find out where to put the CA cert so that the app will trust your cert. "J.W. Koelewijn" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hello, > > First of all I want to excuse if this question was raised before, but I'm > new on the mailinglist. > Now on to the question: > I want to work with SSL on my tomcat, to protect the content sent to it and > from it. By what I've read so far, I understand that SSL certificates are > sent from the server to the client and the browser of the user will > generate a popup giving the details of the certificate. My question now is, > is it possible to just send and receive the certificate, and check in my > servlet code whether the certificate is correct? So no confirmation of a > user (which isn't there in my case, everything shold be automated) is needed? > > Thanks in advance, > J.W. Koelewijn --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
