Hi, the server needs only the CA certificate used for signing the client certificate to verify client identity.
Marco

----- Original Message -----
From: "Aloi Gianfranco (SPES)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, November 21, 2003 4:30 PM
Subject: Client Certificate Authentication

> Hi,
>
> I have a problem with tomcat and SSL in modality of client authentication.
>
> I have generated my keystore and I have imported my certificate chain in
> cacerts under JAVA_HOME/jre/lib/security,
> but I haven't imported the user's certificate in the keystore on the
> webserver.
> In the server.xml file I have inserted these lines:
>
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>            port="8443" minProcessors="5" maxProcessors="75"
>            enableLookups="true"
>            acceptCount="100" debug="0" scheme="https" secure="true"
>            useURIValidationHack="false" disableUploadTimeout="true">
>   <Factory
>       className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>       clientAuth="true" protocol="TLS"
>       keystoreFile="mykeystore" keystorePass="passwd"/>
> </Connector>
>
> Well, when I log in to my web application, I see a popup in which I can
> select the certificate.
> Doing this, I can continue, but why is this possible if my certificate isn't
> in the webserver's keystore, i.e. the webserver has skipped the user
> recognition phase.
>
> My configuration is:
> - tomcat 4.1.18
> - Jdk Sun 1.4.1_05
>
> I hope that somebody can help me with this problem.
>
> Kind regards,
>
> Gianfranco.
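The behaviour discussed in this thread, as an added example that is not part of the original messages: a verifier holding only a CA certificate accepts a client certificate signed by that CA and rejects one signed by a CA it does not trust. It uses the `openssl` command line instead of Tomcat, and all names (`demo-ca`, `other-ca`, `alice`, `mallory`) are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: every CA and user name below is made up for illustration.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca <name>: create a self-signed CA key and certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_client <ca> <user>: create a client key and a certificate signed by <ca>.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 1 \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.crt" 2>/dev/null
}

# server_accepts <trusted-ca> <user>: the server-side check. The verifier is
# given the CA certificate only; the client certificate is never stored on
# the verifying side, it arrives with the connection.
server_accepts() {
    openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" 2>/dev/null \
        | grep -q ': OK$'
}

make_ca demo-ca                 # the CA the server trusts
make_ca other-ca                # a CA the server does not trust
issue_client demo-ca alice
issue_client other-ca mallory

if server_accepts demo-ca alice; then
    echo "alice: accepted (issuer is the trusted CA)"
fi
if ! server_accepts demo-ca mallory; then
    echo "mallory: rejected (issuer is not in the trust store)"
fi
```

The set of CA certificates in the trust store therefore decides which client certificates pass the handshake; deciding which user that certificate belongs to is a separate step based on the certificate's subject.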