Hi Jim I've tried with clientAuth = true but server certificate window doesn't appear and I get page not found error.
----- Original Message ----- From: "ohaya" <[EMAIL PROTECTED]> To: "Tomcat Users List" <tomcat-user@jakarta.apache.org> Sent: Wednesday, April 27, 2005 12:49 PM Subject: Re: Tomcat SSL Client Authentication > Hi, > > I believe that the "clientAuth" needs to be set to "true" in the > server.xml. > > Jim > > > > lercoli wrote: > > > > Hello > > > > I've configured Tomcat SSL Client Authentication with these settings : > > > > web.xml > > > > ....... > > <security-constraint> > > > > <web-resource-collection> > > > > <web-resource-name>Entire Application</web-resource-name> > > > > <url-pattern>/*</url-pattern> > > > > <http-method>GET</http-method> > > > > <http-method>POST</http-method> > > > > </web-resource-collection> > > > > <user-data-constraint> > > > > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > > > > </user-data-constraint> > > > > </security-constraint> > > > > <login-config> > > > > <auth-method>CLIENT-CERT</auth-method> > > > > </login-config> > > > > ......... > > > > server.xml > > > > ......... > > > > <Connector port="8443" maxHttpHeaderSize="8192" > > > > maxThreads="150" minSpareThreads="25" maxSpareThreads="75" > > > > enableLookups="false" disableUploadTimeout="true" > > > > acceptCount="100" scheme="https" secure="true" > > > > clientAuth="false" sslProtocol="TLS" > > > > keystoreFile="D:\jdk1.5.0_02\bin\keystore.jks" keystorePass="changeit" > > > > truststoreFile="D:\jdk1.5.0_02\bin\cacerts.jks" /> > > > > ....... > > > > Client certificate (client.cer) is installed in my IE Browser (version 6.0.28). > > > > When I invoke htpps://localhost:8443/myweapp appears a window that asks me to accept the server certificate. > > > > I accept and my webapp index page appears. > > > > So why I don't see a window for client authentication ? > > > > And why I 've the same behaviour also when I remove the client.cer from my Browser ? > > > > It seems that client-certification doesn't work. > > > > Any help would be greatly appreciated. > > > > Thank You > > > > Luca Ercoli > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]