What version of TC?  I've read something about
configuring the HTTPS connector to perform SSL client
certificate authorization.  I agree with Jim, in
server.xml, the clientAuth should be set to true. 
That is the correct setting, if you get a page not
found, that doesn't mean the cert didn't work... 
Also, the name on the client cert must be exactly the
same as the one in the user database.  I've also read
that you don't need any security-constraints to use
the CLIENT-CERT unless you're also using a separate
Realm.

DW

--- lercoli <[EMAIL PROTECTED]> wrote:
> Hi Jim
> 
> I've tried with clientAuth = true but server
> certificate window doesn't
> appear and I get page not found error.
> 
> ----- Original Message ----- 
> From: "ohaya" <[EMAIL PROTECTED]>
> To: "Tomcat Users List"
> <tomcat-user@jakarta.apache.org>
> Sent: Wednesday, April 27, 2005 12:49 PM
> Subject: Re: Tomcat SSL Client Authentication
> 
> 
> > Hi,
> >
> > I believe that the "clientAuth" needs to be set to "true" in the
> > server.xml.
> >
> > Jim
> >
> >
> >
> > lercoli wrote:
> > >
> > > Hello
> > >
> > > I've configured Tomcat SSL Client Authentication with these settings:
> > >
> > > web.xml
> > >
> > > .......
> > > <security-constraint>
> > >   <web-resource-collection>
> > >     <web-resource-name>Entire Application</web-resource-name>
> > >     <url-pattern>/*</url-pattern>
> > >     <http-method>GET</http-method>
> > >     <http-method>POST</http-method>
> > >   </web-resource-collection>
> > >   <user-data-constraint>
> > >     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > >   </user-data-constraint>
> > > </security-constraint>
> > >
> > > <login-config>
> > >   <auth-method>CLIENT-CERT</auth-method>
> > > </login-config>
> > > .........
> > >
> > > server.xml
> > >
> > > .........
> > > <Connector port="8443" maxHttpHeaderSize="8192"
> > >            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> > >            enableLookups="false" disableUploadTimeout="true"
> > >            acceptCount="100" scheme="https" secure="true"
> > >            clientAuth="false" sslProtocol="TLS"
> > >            keystoreFile="D:\jdk1.5.0_02\bin\keystore.jks" keystorePass="changeit"
> > >            truststoreFile="D:\jdk1.5.0_02\bin\cacerts.jks" />
> > > .......
> > >
> > > Client certificate (client.cer) is installed in my IE Browser (version
> > > 6.0.28).
> > >
> > > When I invoke https://localhost:8443/myweapp a window appears that asks
> > > me to accept the server certificate.
> > >
> > > I accept and my webapp index page appears.
> > >
> > > So why don't I see a window for client authentication?
> > >
> > > And why do I have the same behaviour also when I remove the client.cer
> > > from my Browser?
> > >
> > > It seems that client-certification doesn't work.
> > >
> > > Any help would be greatly appreciated.
> > >
> > > Thank You
> > >
> > > Luca Ercoli
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> 
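
Added example, not part of the original thread: a small Python check that reads the two files discussed above and reports when Tomcat will ask the browser for a certificate, using the documented clientAuth values (true, want, false) and the rule that with false a certificate is only requested for resources protected by a CLIENT-CERT security constraint. The function names `parse` and `audit` are hypothetical, and the inputs are constructed from the poster's settings, trimmed to the relevant parts.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the poster's settings, trimmed to the relevant parts.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"/>
</Service></Server>"""
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""

def parse(text):
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace
    return root

def audit(server_xml, web_xml):
    """Say, per HTTPS connector, when a client certificate is asked for."""
    web = parse(web_xml)
    method = (web.findtext("login-config/auth-method") or "").strip()
    # <auth-constraint> triggers authentication; <user-data-constraint> only forces HTTPS.
    protected = any(c.find("auth-constraint") is not None
                    for c in web.findall("security-constraint"))
    findings = []
    for conn in parse(server_xml).iter("Connector"):
        if conn.get("scheme") != "https":
            continue
        mode = conn.get("clientAuth", "false")  # false is Tomcat's default
        if mode == "true":
            verdict = "certificate required at every handshake"
        elif mode == "want":
            verdict = "certificate requested but optional"
        elif method == "CLIENT-CERT" and protected:
            verdict = "certificate requested only for protected URLs"
        else:
            verdict = "client certificate never requested"
        findings.append(f"{conn.get('port')}: {verdict}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SERVER_XML, WEB_XML)))
```
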
