Tomcat version 5.5.9 (JDK 1.5.0_02 and Windows 2000 Professional). Client certificate username is a tomcat user (with which I've already successfully tested in DIGEST authentication).
The strange thing is that when I set authClient to true I never see the the alert window of the server certificate (while instead appears with clientAuth = false). ----- Original Message ----- From: "Darryl Wilburn" <[EMAIL PROTECTED]> To: "Tomcat Users List" <tomcat-user@jakarta.apache.org> Sent: Wednesday, April 27, 2005 3:55 PM Subject: Re: Tomcat SSL Client Authentication > What version of TC? I've read something about > configuring the HTTPS connector to perform SSL client > certificate authorization. I'm agree with Jim, in > server.xml, the clientAuth should be set to true. > That is the correct setting, if you get a page not > found, that doesn't mean the cert didn't work... > Also, the name on the client cert must be exactly the > same as the one in the user database. I've also read > that you don't need and security-constraints to use > the CLIENT-CERT unless you're also using a separeat > Realm. > > DW > > --- lercoli <[EMAIL PROTECTED]> wrote: > > Hi Jim > > > > I've tried with clientAuth = true but server > > certificate window doesn't > > appear and I get page not found error. > > > > ----- Original Message ----- > > From: "ohaya" <[EMAIL PROTECTED]> > > To: "Tomcat Users List" > > <tomcat-user@jakarta.apache.org> > > Sent: Wednesday, April 27, 2005 12:49 PM > > Subject: Re: Tomcat SSL Client Authentication > > > > > > > Hi, > > > > > > I believe that the "clientAuth" needs to be set to > > "true" in the > > > server.xml. > > > > > > Jim > > > > > > > > > > > > lercoli wrote: > > > > > > > > Hello > > > > > > > > I've configured Tomcat SSL Client Authentication > > with these settings : > > > > > > > > web.xml > > > > > > > > ....... > > > > <security-constraint> > > > > > > > > <web-resource-collection> > > > > > > > > <web-resource-name>Entire > > Application</web-resource-name> > > > > > > > > <url-pattern>/*</url-pattern> > > > > > > > > <http-method>GET</http-method> > > > > > > > > <http-method>POST</http-method> > > > > > > > > </web-resource-collection> > > > > > > > > <user-data-constraint> > > > > > > > > > > > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > > > > > > > > </user-data-constraint> > > > > > > > > </security-constraint> > > > > > > > > <login-config> > > > > > > > > <auth-method>CLIENT-CERT</auth-method> > > > > > > > > </login-config> > > > > > > > > ......... > > > > > > > > server.xml > > > > > > > > ......... > > > > > > > > <Connector port="8443" maxHttpHeaderSize="8192" > > > > > > > > maxThreads="150" minSpareThreads="25" > > maxSpareThreads="75" > > > > > > > > enableLookups="false" > > disableUploadTimeout="true" > > > > > > > > acceptCount="100" scheme="https" secure="true" > > > > > > > > clientAuth="false" sslProtocol="TLS" > > > > > > > > keystoreFile="D:\jdk1.5.0_02\bin\keystore.jks" > > keystorePass="changeit" > > > > > > > > truststoreFile="D:\jdk1.5.0_02\bin\cacerts.jks" > > /> > > > > > > > > ....... > > > > > > > > Client certificate (client.cer) is installed in > > my IE Browser (version > > 6.0.28). > > > > > > > > When I invoke htpps://localhost:8443/myweapp > > appears a window that asks > > me to accept the server certificate. > > > > > > > > I accept and my webapp index page appears. > > > > > > > > So why I don't see a window for client > > authentication ? > > > > > > > > And why I 've the same behaviour also when I > > remove the client.cer from > > my Browser ? > > > > > > > > It seems that client-certification doesn't work. > > > > > > > > Any help would be greatly appreciated. > > > > > > > > Thank You > > > > > > > > Luca Ercoli > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]