Mark Benussi wrote:
Can I build a root certificate that is not signed by someone like Verisign or any other trusted root? (This is a cost issue).
Yes, but then people have to trust your root certifcate. One of the services Verisign and the other CAs offer (depending on the type of certificate you get) is the verification of the entity that posses the private key associated with the certificate.
Can I implement the Client Authentication on a server which does not have SSL implemented?
No. SSl is a pre-reqisite for CLIENT-CERT authentication
Can I implement the Client Authentication on a server which already has an SSL certificate, signed by someone like Verisign and effectively run both?
Yes, with some caveats. A tomcat connector is SSL enabled or not. It can not be both. Tomcat can have multiple SSL enabled connectors but they must use different ports. Each Tomcat SSL connector can be associated with one, and only one, certificate. HTH, Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
